Published on: Tuesday, Tue, 26 Sep 2023 ● 3 Min Read
In the midst of the G20 summit, the global community comes together to address critical issues facing our world. However, in the digital realm, a new threat has emerged - cybercriminals exploiting the G20 spirit to deceive internet users.
The string of messages received during this scam
A recent report prepared by CyberPeace, in collaboration with Autobot Infosec Private Limited and academic partners under the CyberPeace Center of Excellence (CCoE), highlights an online scam falsely associated with Tata Motors, a renowned automotive company.
This fraudulent campaign masquerades as an official Tata Motors promotion, luring unsuspecting individuals with enticing offers. Heres how the scam unfolds:
Attractive Bait: The scam begins with an eye-catching image featuring Tata Motors logo, the G20 logo, and a fleet of cars, designed to capture the attention of potential victims.
Quiz Participation: Users are invited to participate in a quiz promising a free Tata Motors gift as a reward.
Fake Congratulations: Upon completion of the quiz, a congratulatory message is displayed, further enticing users.
Gift Attempts: Users are given three attempts to claim their prizes, presented as multiple gift boxes.
Social Sharing Pressure: Instructions prompt users to share the campaign via WhatsApp, creating a sense of urgency and legitimacy.
Key findings from the study includes:
Unofficial Website: The campaign does not reside on Tata Motors official website, raising red flags.
Redirections: Multiple link redirections indicate a lack of transparency.
Unusual Sharing Request: Legitimate campaigns rarely demand sharing via WhatsApp.
Too Good to Be True: The promised prizes are exceptionally attractive, a classic tactic to ensnare unsuspecting victims.
Grammar Errors: Grammatical mistakes within the campaign content hint at its fraudulent nature.
The domain names associated with the campaigns have the registrant country as China.
Cybercriminals used Cloudflare technologies to mask the real IP addresses of the front end domains. The research team uncovered a China-linked analytical service in the backend during the investigation.
"Internet users must remain vigilant against these nefarious threats. It is paramount to exercise caution and double-check before interacting with suspicious links or attachments. There is a need for international cyber cooperation between countries to bust the criminal gangs running the fraud campaigns affecting individuals and organisations to make Cyberspace resilient and peaceful," commented a spokesperson from CyberPeace.
CyberPeace Advisory:
Refrain from opening messages received via social platforms that seem suspicious or unsolicited. Your initial discretion can be your best defence.
Falling prey to such scams could compromise your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Protect your digital castle from invasion.
Never, under any circumstances, share confidential information such as login credentials or banking details with entities you havent verified as trustworthy.
Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
To confirm the authenticity of offers and messages, reach out directly to official sources and companies. Verify the legitimacy of enticing offers before taking any action.
About CyberPeace
CyberPeace Foundation is a leading not for profit organisation dedicated to enhancing cybersecurity and ensuring a safer digital landscape for all. They work tirelessly in collaboration with various partners to conduct research, raise awareness, and advocate for CyberPeace norms.