Sunday, August 31, 2025
spot_img

Surge in malicious campaigns exploiting “Diwali” and “Pooja” domains for scams

Date:

Share post:

spot_imgspot_img

Shillong, November 9: Cybersecurity experts at CloudSEK have identified a significant rise in malicious campaigns targeting users during the festive season, employing deceptive “Diwali” and “Pooja” domains, particularly aimed at e-commerce platforms.

As per IANS, the researchers observed phishing campaigns impacting recharge and e-commerce sectors with the intent to harm the reputation of well-known brands. In their investigation, they unearthed 828 unique domains within the Facebook Ads Library being utilized for phishing endeavors.

Rishika Desai, lead cyber intelligence at CloudSEK, emphasized the alarming increase in hosting fake domains for online shopping scams this year. These scams pose a risk of evolving into financial frauds, as hackers can masquerade as customer representatives, exploiting the vulnerability of unsuspecting victims.

The report highlights the utilization of typosquatting techniques to create domains that appear legitimate, exemplified by instances like “shop.com” being mimicked as “shoop.xyz” with identical features and content. Notably, domains incorporating the keywords “Diwali” and “Pooja” were identified, hosted on a Hong Kong-based ASN by Megalayer Technologies, redirecting users to various Chinese betting pages.

This particular domain, created approximately a month ago, redirects to multiple gambling sites, including Bet 365 and MGM, according to the report. Desai noted cybercriminals’ exploitation of increased internet traffic during Diwali, targeting users with malicious websites mimicking authentic gambling platforms.

The report also exposed misleading activities on Facebook and other social media channels, where malicious users entice genuine users to register on unreliable cryptocurrency websites. An example cited is Bot Bro, enticing consumers to dubious crypto platforms by offering free life insurance up to one crore and five TLC coins.

Furthermore, the report revealed a case involving an e-commerce website selling jewelry, registered on October 3, urging users to download an application embedded with an Android Trojan.

spot_imgspot_img

Related articles

UAE heat forces 30-minute delay in Asia Cup matches

Dubai, Aug 30: The start time for 18 out of the 19 matches in the upcoming Asia Cup...

Gill awaits fitness test for Asia Cup

Bengaluru, Aug 30: India Test skipper and T20 vice-captain Shubman Gill reached the BCCI Centre of Excellence here...

Oman skipper ready for maiden Asia Cup

New Delhi, Aug 30: When Oman steps out for their maiden Asia Cup game against Pakistan in Dubai...

Indian fan zones sold out: CA

Melbourne, Aug 30: Cricket Australia has announced that the dedicated Indian fan zones at all eight venues for...