Cyber-security researchers in India recently busted a malicious free gift campaign that pretended to be from Tata Motors. The campaign was collecting users’ data and has been traced back to China-based hackers.
CyberPeace Foundation Traced Fake Tata Motors Campaigns Via WhatsApp
As per the statement released by the research wing of New Delhi-based CyberPeace Foundation, they received some links via WhatsApp that related to a free gift offer from Tata Motors. The research team said that the campaign was hosted on a third-party domain and not on the official website of Tata Motors, which made it even more suspicious.
If a user opens the link on a device such as a smartphone where WhatsApp is installed, the sharing feature on the website opens the application to share the link.
The team said that the prizes are made really attractive to lure laypeople. The fake website is titled “Tata Motors Cars, Celebrates sales exceeding 30 million”.
On the landing page, a congratulations message appears with an attractive photo of the Tata Safari car. The page also has a survey that users are asked to complete to get a free TATA Safari vehicle.
The research team revealed that the bottom of the page has a Facebook comment section that features comments about how the offer is beneficial to all. After clicking the OK button, users are given three attempts to win the prize. After completing all the attempts, it says that the user has won “TATA SAFARI”.
“Congratulations! You did it! You won the TATA SAFARI!” When the user clicks the ‘OK’ button, the page instructs them to share the campaign on WhatsApp.
After completing the process, users have to click on the WhatsApp button to complete the progress bar. When they click the “complete registration” button, the site redirects them to multiple advertisement web pages, which vary with each click.
Domain Background Traced Back to China
The researchers further revealed that, upon investigation, they found the cybercriminals had used Cloudflare technologies to hide the real IP addresses of the front-end domain names.
They also revealed that the domain name was traced back to China. CyberPeace Foundation, a think tank and grassroots NGO of cybersecurity and policy experts, along with Autobot Infosec Private Limited, looked into the matter and concluded that these websites are online fraud. The Foundation recommended that people avoid opening such messages sent via social platforms.