The nation's cybersecurity watchdog, the Indian Computer Emergency Response Team (CERT-In), on October 18 issued an advisory asking users to be aware of festival-themed scams that promise users offers and prizes but end up stealing sensitive information like bank account details and OTP. "It has been reported that adwares are targeting prominent brands and tricking its (sic) customers in fraudulent phishing/fraudulent scams. Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram, etc) that falsely claim a festive offer luring users into gift links and prizes," CERT-In explained. "The threat actor campaign is mostly targeting women and asking to share the links among peers," the agency added. Why does this matter: It's easy for users to get misled by a scam offer because all major e-commerce platforms and brands are running some promotion or the other for Diwali. CERT-In's advisory informs users what to look out for, as "these attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds." How are these scams carried out: "The victim receives a message containing a link to a phishing website similar to the websites of popular brands. The customer will be lured with a false claim of a special festive offer on answering a questionnaire through which one can win money and prizes. The attackers entice the users to give sensitive information like personal details, bank account details, passwords, OTPs, or use it for adware, and other adversarial purposes," CERT-in elaborated. The cybersecurity watchdog said…
