Fact Check: A peek into a global factory of scam websites even impersonating the Treasury Department

During the first and second waves of the Covid-19 pandemic, the Center announced economic relief plans for people and businesses. The economy is still struggling right now for a number of reasons. Therefore, the newly announced relief plans are a credible idea.

And some people are already taking advantage of that. One such website pretending to be the Indian Ministry of Finance announced a financial support of Rs. 30,628 and many believe it to be true.

Of course, the Ministry of Finance did not announce any such aid. The Press Information Bureau calls the site a fraud.

But the story doesn’t end there. It has only just begun.

As we peeled off the layers of this website, we came across a global association of hundreds of phishing sites, extending their operations to a number of countries.

Here, we’ll dive into the world of the people running these websites and figure out how they work.

Same scam, multiple sites

The aforementioned “Ministry of Finance” website appears to be built primarily for mobile devices. And phishing sites like this thrive on instant messaging apps like WhatsApp. In a particular case, when you share the URL of that website, the preview will mention “finmin.nic.in”, the URL of the Ministry of Finance website. And that’s to trick people. Of course, if you look at the actual URL that was shared – indangotrs.blogspot.com – you will immediately realize it does not belong to a government organization.

But that’s not the only URL. There are also “indiarsgot.blogspot.com” and “indiarsgot.blogspot.com” and both sites are live at the time of this writing.

All three links are similarly designed to impersonate the Indian Ministry of Finance. Their archived versions can be seen here, here and here.

Squid fishing game begins

Inside these websites, when you click the sign up button, you will be asked to enter your name and share a link with 15 WhatsApp friends or forward the link to five WhatsApp groups. When you do this, another window will open, which will take you to a page with a design from the globally popular Netflix show “Squid Game”.

When you click on the page with the “Ink Game” image, two different links will open. The first link requires you to enter a phone number and call to receive further instructions to join. Such tricks to collect phone numbers are often used for data collection.

The second link will also ask you for your phone number. When you enter your phone number (which you shouldn’t) and continue, a warning will flash on your screen indicating that this malicious site can steal passwords, emails or even credit card details. your use.

Read between lines of code

Websites impersonating the Ministry of Finance are hosted on blogspot.com. This was intentionally done to make it difficult to unmask the people behind them.

If someone tries to find the details of the website using domain investigation tools, only blogspot.com details will be revealed and nothing about the site will be found. hosted on it or its creator.

Then we decided to look at the source code of these sites. Here we find links to three profile pages hosted on blogspot.com: od107, od.company79 and od.company81.

Scanning the sites listed on these profiles uncovered several other Blogspot profile links such as od.company6, od103, od.company42 and od102.

Pandora’s Box

These Blogspot profile pages turned out to be a repository of scams! They contain a long list of phishing websites that are personalized for different countries of the world.

In total, we were able to find 150 active links to phishing sites. We have compiled a list of sites where these can be seen here.

Screenshots of some such websites can be seen below. It is noteworthy that a large portion of these websites are in Arabic. This means that the operators of these sites may have Arabic connections.

Among the phishing links, we found several websites running fake conspiracies under the names of global leaders such as Abdullah II bin Al-Hussein, commonly known by the nickname The King Jordan and UAE Prime Minister Mohammed Bin Rashid Al Maktoum.

Scams are being carried out on behalf of brands and organizations from many countries around the world such as Saudi Arabia, UAE, Egypt, Jordan, Kuwait, Lebanon, Morocco, Qatar and Yemen. For example, fraud schemes are being carried out in the name of ‘Touch‘ and ‘Alpha‘, the leading telecommunications operator in Lebanon. Another fake website is running under the name Carrefour Jordana supermarket in Jordan.

While we are unable to determine who is behind these scam websites, it is clear that scam websites promoting government financial aid and other schemes around the world are being run by a person or a group.

RequestThe Ministry of Finance is providing financial assistance worth Rs. 30,628 for all Indian citizens in light of current financial crisis. InferenceThe Treasury Department has not announced any such subsidies. This is a scam website with links to many scam sites around the world.

JHOOTH BOLE KAUVA KAATE

The number of crows determines the intensity of the lie.

• 1 crow: Half right
• 2 crows: Mostly lies
• 3 crows: Totally wrong