CERT-In warns of new Diwali scam where Chinese websites steal user information: How to stay safe

India's CERT-In has warned that some Chinese websites are stealing information from unsuspecting users by pretending to offer free Diwali gifts. Here is how the scam operates and how you can keep yourself safe.

Diwali Scam | Diwali Gift Scam | Chinese Website

These scammers ask the victims to share the website links with their friends and family through WhatsApp/Instagram Telegram etc to "claim a prize" (Illustrative image) (Image credit: Pixabay)

Diwali Gift Scam, Chinese Website: If you have received social media links to websites which promise free Diwali gifts, there is a good chance that the link is to a website trying to steal your information. According to an advisory issued by the Indian Computer Emergency Response Team (CERT-In), users are being targeted with such links that lead to Chinese websites that can steal important information including banking details.

“Fake messages are in circulation on various social media platforms (WhatsApp, Instagram, Telegram etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asks to share the link among peers on WhatsApp/Telegram/Instagram accounts,” said the CERT-In advisory.

ALSO READ | ‘Your electricity will be disconnected…’: Scammers try to lure unsuspecting victims

The national cybersecurity agency said that most of these websites use Chinese .cn domain extensions, while others use extensions such as .xyz and .top.

Story continues below this ad

How it works

First, the user receives a message containing this link. It could come from other victims who have been asked to share the link with their friends and family. Once a user clicks on the link, they are first greeted by a false “Congratulations” message. After this, they are asked to fill in details in a questionnaire.

After a victim fills in the questionnaire, they are asked to select a “gift” from a set of items. Once a user does that, they are greeted by another false congratulations message which asks them to share the message with friends and groups on WhatsApp or other social media platforms in order to claim the prize.

How to avoid this scam

In order to avoid such scams, first, you need to make sure that you don’t click on links to any websites that you do not trust. Even if a link looks like it will take you to a legitimate website, double-check to make sure it is not a variation of some form. In case you have any doubts, search for the website on Google or other search engines to see if they are legitimate.

Remember that legitimate organisations will not ask for your login details, credit card number or other credentials through questionnaires. Further, make sure you keep your personal information private and don’t share it unless it is with legitimate websites.

Story continues below this ad

Since such attacks typically involve fraudulent financial transactions, set transfer limits for UPI and other transactions through your bank so that you reduce any exposure you could have.

Tags:
scam

Loading Taboola...

Among dead in Vijay rally stampede, young mother, couple set to marry

Cities3 hr ago

A rally by actor-politician Vijay in Velusamypuram ended tragically with 40 deaths in a stampede. Non-political workers gathered to see the superstar, but exhaustion, heat, and poor planning caused chaos. People collapsed, ambulances couldn't reach, and police presence was inadequate. Vijay's team ignored instructions, and the narrow roads and insufficient crowd control added to the tragedy.

View all shorts

Live Blog