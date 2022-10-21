As we get close to celebrating Diwali and Dhanteras, numerous fraudsters are taking full advantage of the chance to defraud users with free Diwali gift scams. The Indian Computer Emergency Response Team (CERT-In) has informed users of potential frauds and issued warnings.

According to reports, a few Chinese websites are sending customers phishing URLs that claim to offer free Diwali gifts. However, the URLs are being sent with the sinister goal of stealing users' private information, including their phone numbers, bank account information, and more.

CERT-In warned users to stay cautious and avoid clicking on spurious links. "Fake messages purporting to be from social media networks (WhatsApp, Instagram, Telegram, etc.) are circulating and tricking people into clicking on gift links and winning rewards.” As per the CERT-In advice, the threat actor campaign primarily targets women and invites them to share the link with their peers on WhatsApp, Telegram, and Instagram accounts.

Notably, the advisory council reiterated that the majority of these phishing websites originate from China because they have Chinese.cn domain extensions, as opposed to other websites that have extensions like.xyz and.top.

Users initially receive a URL that makes false benefits promises, according to CERT-In. Uninformed users are persuaded to click on the prize-claiming link. When the user clicks on the link, a phoney congrats message appears, further pressuring them to enter their personal information.

The user is then requested to share the information with friends and family in order to claim the reward after filling out all the necessary information. The user accidentally gives all of their personal information to online criminals while attempting to obtain a free gift.

Here’s how to stay away from such online scams:

It is important to avoid clicking on links that you don’t trust or have doubts about. It is preferable to double check links before clicking.

Always remember that a genuine company in any capacity will not ask for your login credentials.

It is advisable to never share any kind of personal information or online banking credentials through email or message as there are high chances to get defrauded.

Last but not the least, always set transfer limits for UPI and other kinds of online transactions via your bank as it can help avert frauds.

