Diwali wish message scam: Chinese website stealing banking details, here’s how you can stay safe

Written By DNA Web Team | Updated: Oct 22, 2022, 04:36 PM IST

In the last few days, DNA India authors have also received a couple of these viral Diwali messages with links that can steal information from users.

Diwali is here and with it comes the season of gifting, wishes and messages. To take the best advantage of this festive season, fraudsters have come up with a new way to dupe people via fake Diwali offers and messages. As per an advisory issued by the Indian government’s cybersecurity team, a few viral Diwali wishes messages are targeting users to steal personal and banking details. Indian Computer Emergency Response Team (CERT-In) reveals that these Diwali messages have links with a few Chinese websites as the links in the viral messages use .cn domain extensions, while others use extensions such as .xyz and .top.

In the last few days, DNA India authors have also received a couple of those viral messages with links that can steal information from users. One of such messages was also designed to look like a popular Indian jewellery brand Tanishq.

As explained by the government’s team in an advisory, “Fake messages are in circulation on various social media platforms (WhatsApp, Instagram, Telegram etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asks to share the link among peers on WhatsApp/Telegram/Instagram accounts.”

.

How the Diwali wish message scam works

First a Diwali wish message that contains a malicious link is received by a victim. After clicking on the link, the victim is greeted with a fake website that imitates a popular brand. The victim is then lured to fill in some personal details and grant access to their contacts, messages, call records in order to get a special gift.

Also Read: Reliance JioBook budget Android laptop launched in India, available at Rs 13,299 in Diwali sale

After receiving the information, the website asks the victim to share the message with a certain number of friends and their social media platforms in order to claim the special Diwali gift.

How to stay safe from such scams

To stay safe from such frauds, you should never share your banking details with anyone, especially online without receiving the link from an unverified source. Before opening any website, you should read the URL carefully and also keep an eye for suspicious extensions.