Scammers using 'Diwali', 'Pooja' domains to con users this festive season: Report

New Delhi, Nov 9

Cybersecurity researchers have discovered a sharp surge in malicious campaigns that use "Diwali" and "Pooja" domains to scam users this festive season via e-commerce websites, a new report warned on Thursday.

The researchers from the cybersecurity company CloudSEK have witnessed phishing campaigns targeting recharge and e-commerce sectors attempting to damage the brands of reputed entities.

They uncovered about 828 unique domains from the Facebook Ads Library that were being used for phishing campaigns.

"This year, there has been a steep spike in the hosting of fake domains for online shopping scams. These scams can further escalate into financial frauds, where hackers can impersonate customer representatives from various organizations, exploiting the gullibility of innocent victims," said Rishika Desai, lead cyber intelligence, CloudSEK.

According to the report, these unique domains were formed by typosquatting techniques to bring legitimacy to less technologically advanced audiences. For instance, shop.com was impersonated as shoop.xyz with the same features and content as the original website.

A domain having keywords "Diwali" and "Pooja" were found to be hosted on a Hong Kong-based ASN by Megalayer Technologies.

This domain was redirected to different Chinese betting pages.

The website was created approximately a month ago and redirects to multiple gambling sites such as Bet 365, MGM, etc, the report said.

"Cybercriminals often exploit the increased internet traffic during Diwali to target unsuspecting users with malicious websites that mimic legitimate gambling platforms," Desai said.

Moreover, the report mentioned that various malicious users on Facebook and other relevant social media channels were found to be misleading genuine users by asking them to register on unreliable cryptocurrency websites.

One such example is Bot Bro, which lures consumers to untrustworthy crypto platforms by providing free life insurance up to one crore and five TLC coins.

An e-commerce website selling jewellery registered on October 3, was found to be requesting users to download an application embedded with an Android Trojan.

This website had the "Diwali" keyword in its domain name.