Festival Scam: Scammers Use ‘Diwali’ and ‘Pooja’ Domains To Scam Customers During Festive Seasons via E-Commerce Websites, Says Report

According to the report, these unique domains were formed by typosquatting techniques to bring legitimacy to less technologically advanced audiences. For instance, shop.com was impersonated as shoop.xyz with the same features and content as the original website.

Diwali Scammers (Photo Credit: Pexels)

New Delhi, November 9: Cybersecurity researchers have discovered a sharp surge in malicious campaigns that use "Diwali" and "Pooja" domains to scam users this festive season via e-commerce websites, a new report warned on Thursday. The researchers from the cybersecurity company CloudSEK have witnessed phishing campaigns targeting recharge and e-commerce sectors attempting to damage the brands of reputed entities.

They uncovered about 828 unique domains from the Facebook Ads Library that were being used for phishing campaigns. "This year, there has been a steep spike in the hosting of fake domains for online shopping scams. These scams can further escalate into financial frauds, where hackers can impersonate customer representatives from various organizations, exploiting the gullibility of innocent victims," said Rishika Desai, lead cyber intelligence, CloudSEK. Omegle Shuts Down Its Operations After Massive Controversy of BBC Investigation in 2021 That Found Children Exposing Themselves to Strangers on Website.

According to the report, these unique domains were formed by typosquatting techniques to bring legitimacy to less technologically advanced audiences. For instance, shop.com was impersonated as shoop.xyz with the same features and content as the original website.  A domain having keywords "Diwali" and "Pooja" were found to be hosted on a Hong Kong-based ASN by Megalayer Technologies. This domain was redirected to different Chinese betting pages.

The website was created approximately a month ago and redirects to multiple gambling sites such as Bet 365, MGM, etc, the report said.  "Cybercriminals often exploit the increased internet traffic during Diwali to target unsuspecting users with malicious websites that mimic legitimate gambling platforms," Desai said. WhatsApp New Feature Update: Meta-Owned App Adds New ‘Protect IP Address in Calls’ Feature To Let You Hide Your Location From Other Parties on Call.

Moreover, the report mentioned that various malicious users on Facebook and other relevant social media channels were found to be misleading genuine users by asking them to register on unreliable cryptocurrency websites.  One such example is Bot Bro, which lures consumers to untrustworthy crypto platforms by providing free life insurance up to one crore and five TLC coins.  An e-commerce website selling jewellery registered on October 3, was found to be requesting users to download an application embedded with an Android Trojan. This website had the "Diwali" keyword in its domain name.

(The above story first appeared on LatestLY on Nov 09, 2023 07:02 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).

Share Now

Share Now