As the festive season is almost here and people are too into online shopping and payments for their festivities. The one more thing on the verge is online fraud and scams. Cybersecurity firm Quick Heal Technologies has released an advisory which highlights significant threats targeting internet users. Cybercriminals continuously evolve their strategies, exploiting various platforms to deceive unsuspecting individuals. Experts from Seqrite Labs have pinpointed critical trends in digital fraud.
Banking Reward Scams
Fraudsters utilise social engineering techniques to persuade users to download harmful APK files. They often create urgency with messages like “Available only today” or “Last day!” to lure users. Scammers promise enticing rewards, such as “Sign up now to enjoy a free gift worth $$$,” or create fear with warnings like “Your account has been blocked due to KYC update.” These schemes can lead to financial loss, theft of personal data, phishing for bank credentials, and unauthorised transactions. Once they gain access to a victim’s device, attackers may exploit it further.
Also read: Downloading free movie? You may become victim of ‘Peaklight’: What is it and how it works
Fake IRCTC Application
A fake app impersonating the official IRCTC platform has been discovered. This spyware can steal credentials from Facebook and Google, extract codes from Google Authenticator, track GPS locations, and even capture video using the device’s camera. The application collects data on installed apps and transmits it to a command and control (C2) server.
Festival-Related Scams
With holidays like Diwali, Dussehra, and Christmas approaching, Quick Heal warns of increased cybercriminal activity targeting shoppers. Scammers create counterfeit domains that mimic legitimate shopping sites, such as “shoop.xyz,” resembling “shop.com.” They distribute malicious links disguised as festival gifts through WhatsApp, SMS, and email, often employing shortened URLs to obscure their true nature. Victims who click these links encounter forms requesting personal details and access to contacts and messages. Scammers exploit urgency by encouraging users to share the offer with others.
Also read: Google Gemini-powered Smart Replies coming to Gmail- All details
Gift Card Fraud
Scammers are also targeting e-commerce customers with fraudulent messages claiming they have won prizes or gift cards. These messages, sent via SMS, email, or social media, often state, “Dear customer, congratulations! You have won…” Users are directed to click links to claim their prizes, leading to malicious websites that harvest personal data.
Income Tax Refund Scam
A new scheme involves contacting individuals regarding fake tax refunds. Scammers use SMS, WhatsApp, or email to urge victims to update their account details to receive a refund. Messages frequently state, “Your income tax refund of Rs. XXXX has been approved. Please verify your account number XXXX,” leading to unauthorised access to victims’ accounts.
QR Code Phishing
Fraudsters exploit the popularity of QR codes by sending malicious codes through text messages, social media, or email. Scanning these codes redirects users to counterfeit websites designed to steal personal and financial information. In some instances, scanning may lead to malware downloads that compromise the user’s device.