China-based hackers scam Indian users with Tata Motors' fake gift offer

New Delhi: Lately, the scams luring people with fraudulent offers have skyrocketed in the cyber digital world. And the latest victims of these online cyber scams are now the Indian users who are lured with a malicious gift campaign pretending to be an offer from Tata Motors.

The campaign which has been traced to China-based hackers by the cybersecurity researchers in India on Thursday said that the hackers are collecting the data of users through this fraudulent offer.

According to the research wing of New Delhi-based CyberPeace Foundation, they received some links via WhatsApp, related to a gift offer from Tata Motors, collecting browser and system information as well as the cookie data from the users.

The research team found that the campaign which is pretended to be an offer from Tata Motors is actually on the third-party domain instead of the official website of Tata Motors which makes it more suspicious.

According to the researchers, if any user opens the link from a device like smartphones where the WhatsApp application is installed, the sharing features on the site will open the WhatsApp application on the device to share the link.

"The prizes are kept attractive to lure the laymen," the team said.

The title of the fake website is "Tata Motors Cars, Celebrates sales exceeding 30 million."

On the landing page, a congratulations message appears with an attractive photo of a Tata Safari car and asks users to participate in a quick survey to get a free TATA Safari vehicle.

The research revealed that at the bottom of this page, a section comes up which seems to be a Facebook comment section where many users have commented about how the offer is beneficial.

After clicking the OK button, users are given three attempts to win the prize. After completing all the attempts, it says that the user has won "TATA SAFARI".

"Congratulations! You did it! You won the TATA SAFARI!" Clicking on the 'OK' button, then instructs users to share the campaign on WhatsApp.

The user then has to click the WhatsApp button to complete the progress bar. After clicking on the green 'Complete registration' button, it redirects the user to multiple advertisements web pages, and it varies each time the user clicks on the button.

According to the researchers, cybercriminals used Cloudflare technologies to mask the real IP addresses of the front-end domain names used in the gifts from the Tata Motors campaign.

CyberPeace Foundation, a think tank and grassroots NGO of cybersecurity and policy experts, along with Autobot Infosec Private Limited looked into this matter to realise that these websites are online fraud.

The Foundation recommended that people avoid opening such messages sent via social platforms.

Tags: