Friday, August 8, 2025
spot_img

Surge in malicious campaigns exploiting “Diwali” and “Pooja” domains for scams

Date:

Share post:

spot_imgspot_img

Shillong, November 9: Cybersecurity experts at CloudSEK have identified a significant rise in malicious campaigns targeting users during the festive season, employing deceptive “Diwali” and “Pooja” domains, particularly aimed at e-commerce platforms.

As per IANS, the researchers observed phishing campaigns impacting recharge and e-commerce sectors with the intent to harm the reputation of well-known brands. In their investigation, they unearthed 828 unique domains within the Facebook Ads Library being utilized for phishing endeavors.

Rishika Desai, lead cyber intelligence at CloudSEK, emphasized the alarming increase in hosting fake domains for online shopping scams this year. These scams pose a risk of evolving into financial frauds, as hackers can masquerade as customer representatives, exploiting the vulnerability of unsuspecting victims.

The report highlights the utilization of typosquatting techniques to create domains that appear legitimate, exemplified by instances like “shop.com” being mimicked as “shoop.xyz” with identical features and content. Notably, domains incorporating the keywords “Diwali” and “Pooja” were identified, hosted on a Hong Kong-based ASN by Megalayer Technologies, redirecting users to various Chinese betting pages.

This particular domain, created approximately a month ago, redirects to multiple gambling sites, including Bet 365 and MGM, according to the report. Desai noted cybercriminals’ exploitation of increased internet traffic during Diwali, targeting users with malicious websites mimicking authentic gambling platforms.

The report also exposed misleading activities on Facebook and other social media channels, where malicious users entice genuine users to register on unreliable cryptocurrency websites. An example cited is Bot Bro, enticing consumers to dubious crypto platforms by offering free life insurance up to one crore and five TLC coins.

Furthermore, the report revealed a case involving an e-commerce website selling jewelry, registered on October 3, urging users to download an application embedded with an Android Trojan.

spot_imgspot_img

Related articles

Impasse over SIR continues, Lok Sabha adjourned till 3 pm

New Delhi, Aug 8: The Lok Sabha was adjourned till 3 p.m. on Friday after repeated disruptions by...

Early signs India may recalibrate its strategic posture post US tariffs: Report

New Delhi, Aug 8: With Prime Minister Narendra Modi set to visit China after six years and National...

Election ‘fraud’ protest: Rahul Gandhi arrives in B’luru; tight security at State EC

Bengaluru, Aug 8: Lok Sabha Leader of Opposition (LoP) Rahul Gandhi arrived at HAL Airport in Bengaluru on...

If EC has different facts, publish them: Cong, Shiv Sena (UBT) back LoP Gandhi’s allegations of voter fraud

New Delhi, Aug 8:  A day after Lok Sabha Leader of the Opposition (LoP) Rahul Gandhi accused the...