Shillong, November 9: Cybersecurity experts at CloudSEK have identified a significant rise in malicious campaigns targeting users during the festive season, employing deceptive “Diwali” and “Pooja” domains, particularly aimed at e-commerce platforms.
As per IANS, the researchers observed phishing campaigns impacting recharge and e-commerce sectors with the intent to harm the reputation of well-known brands. In their investigation, they unearthed 828 unique domains within the Facebook Ads Library being utilized for phishing endeavors.
Rishika Desai, lead cyber intelligence at CloudSEK, emphasized the alarming increase in hosting fake domains for online shopping scams this year. These scams pose a risk of evolving into financial frauds, as hackers can masquerade as customer representatives, exploiting the vulnerability of unsuspecting victims.
The report highlights the utilization of typosquatting techniques to create domains that appear legitimate, exemplified by instances like “shop.com” being mimicked as “shoop.xyz” with identical features and content. Notably, domains incorporating the keywords “Diwali” and “Pooja” were identified, hosted on a Hong Kong-based ASN by Megalayer Technologies, redirecting users to various Chinese betting pages.
This particular domain, created approximately a month ago, redirects to multiple gambling sites, including Bet 365 and MGM, according to the report. Desai noted cybercriminals’ exploitation of increased internet traffic during Diwali, targeting users with malicious websites mimicking authentic gambling platforms.
The report also exposed misleading activities on Facebook and other social media channels, where malicious users entice genuine users to register on unreliable cryptocurrency websites. An example cited is Bot Bro, enticing consumers to dubious crypto platforms by offering free life insurance up to one crore and five TLC coins.
Furthermore, the report revealed a case involving an e-commerce website selling jewelry, registered on October 3, urging users to download an application embedded with an Android Trojan.