Diwali gift scam, Chinese website: If you have received social media links to websites that promise free Diwali gifts, chances are the link is to a website trying to steal your information. According to an advisory issued by India’s Computer Emergency Response Team (CERT-In), users are targeted by such links that lead to Chinese websites that can steal important information, including bank details.
“False messages are circulating on various social media platforms (WhatsApp, Instagram, Telegram, etc.) which falsely claim a festive offer attracting users to giveaway links and prizes. The threat actors’ campaign mainly targets women and asks to share the peer-to-peer link on WhatsApp/Telegram/Instagram accounts,” the CERT-In notice said.
The national cybersecurity agency said most of these websites use Chinese .cn domain extensions, while others use extensions such as .xyz and .top.
How it works
First, the user receives a message containing this link. It could be from other victims who were asked to share the link with their friends and family. Once a user clicks on the link, they are first greeted with a fake “Congratulations” message. After that, they are asked to fill in details in a questionnaire.
Once a victim has completed the questionnaire, they are asked to select a “gift” from a set of items. Once a user does this, they are greeted with another fake congratulatory message that asks them to share the message with friends and groups on WhatsApp or other social media platforms in order to claim the prize.
How to avoid this scam
In order to avoid such scams, you must first ensure that you do not click on links to websites that you do not trust. Even if a link seems to direct you to a legitimate website, check that it’s not a variation of one form or another. If in doubt, search the website on Google or other search engines to see if they are legit.
Remember that legitimate organizations will not ask you for your login information, credit card number, or other identifying information through questionnaires. Also, make sure to keep your personal information private and don’t share it unless it’s with legitimate websites.
Since such attacks typically involve fraudulent financial transactions, set transfer limits for UPI and other transactions through your bank to reduce any exposure you may have.