Business
Scammers using 'Diwali', 'Pooja' domains to con users this festive season: Report
New Delhi, Nov 9
Cybersecurity researchers have discovered a sharp surge in malicious campaigns that use "Diwali" and "Pooja" domains to scam users this festive season via e-commerce websites, a new report warned on Thursday.
The researchers from the cybersecurity company CloudSEK have witnessed phishing campaigns targeting recharge and e-commerce sectors attempting to damage the brands of reputed entities.
They uncovered about 828 unique domains from the Facebook Ads Library that were being used for phishing campaigns.
"This year, there has been a steep spike in the hosting of fake domains for online shopping scams. These scams can further escalate into financial frauds, where hackers can impersonate customer representatives from various organizations, exploiting the gullibility of innocent victims," said Rishika Desai, lead cyber intelligence, CloudSEK.
According to the report, these unique domains were formed by typosquatting techniques to bring legitimacy to less technologically advanced audiences. For instance, shop.com was impersonated as shoop.xyz with the same features and content as the original website.
A domain having keywords "Diwali" and "Pooja" were found to be hosted on a Hong Kong-based ASN by Megalayer Technologies.
This domain was redirected to different Chinese betting pages.
The website was created approximately a month ago and redirects to multiple gambling sites such as Bet 365, MGM, etc, the report said.
"Cybercriminals often exploit the increased internet traffic during Diwali to target unsuspecting users with malicious websites that mimic legitimate gambling platforms," Desai said.
Moreover, the report mentioned that various malicious users on Facebook and other relevant social media channels were found to be misleading genuine users by asking them to register on unreliable cryptocurrency websites.
One such example is Bot Bro, which lures consumers to untrustworthy crypto platforms by providing free life insurance up to one crore and five TLC coins.
An e-commerce website selling jewellery registered on October 3, was found to be requesting users to download an application embedded with an Android Trojan.
This website had the "Diwali" keyword in its domain name.
47 minutes ago
Vietnam boat accident: TN govt extends full support to victims and families
59 minutes ago
Kerala couple among 15 Indians killed in Vietnam boat tragedy
1 hour ago
FIFA WC: 'Haaland is unstoppable in the box,' says Vieri ahead of Norway vs England quarterfinal
1 hour ago
FIFA WC: When and where to watch Argentina vs Switzerland, know all details
4 hours ago
Boat carrying Indian tourists capsizes in Vietnam, several killed
6 hours ago
Courtroom drama was on Kajal Aggarwal’s radar for a long time
6 hours ago
Television actor Rohit Chandel arrested for allegedly stalking, harassing a minor
6 hours ago
Matt Damon wants to collaborate with Shekhar Kapur
6 hours ago
India ranks 1st in milk production, 2nd in mobile, 3rd in auto globally: PM Modi in New Zealand
6 hours ago
Onion prices jump in Chennai as Maharashtra supply drops, traders warn of further rise
6 hours ago
FSSAI slaps Swiggy Instamart with 9 notices following consumer complaints
6 hours ago
Sabarimala Tantri designate opts out, cites ill health
6 hours ago
Correct script, pronunciation: Centre issues fresh guidelines for National Song, National Anthem
