Article DETAILS

The maliciously crafted online advertisements, impersonating prominent brands, have been found to trap customers in phishing and financial scams, according to a report by the Computer Emergency Response Team (CERT-In). In a note issued on Tuesday, the agency alerted consumers on fake festival-themed ad campaigns. 

These campaigns include fake messages on social networking platforms like WhatsApp, Telegram, Instagram, and Facebook. They are said to be luring users into clicking malicious links that claim to lead to get gifts and prizes. 

According to CERT-In, websites involved in these scams predominantly have a Chinese domain, ‘.cn’, with extensions ‘.top’, ‘.xyz’. These attack campaigns can compromise the privacy of users by enticing them to share sensitive personal information like bank account details, passwords and OTPs. 

These campaigns have also been found to gather user information to display advertisements through pop-ups and advertorial material. 

ERT-In in its notes shared that links used in these campaigns are programmed to lead users to a phishing website impersonating websites from popular brands. And are luring customers by asking them to fill fake questionnaires through which they can win money and prizes. These malicious campaigns are also asking users to share links with their contacts thereby increasing their impact. 

CERT-In has advised users not to browse un-trusted websites, click on un-trusted links or share unknown links on social media platforms. Users have also been asked not to share sensitive information on email or messaging apps.