Fake IRCTC app among 6 major online scams targeting users during festive season- All details
As the festive season is approaching and people are turning to online shopping and paying for their festivities. Another thing coming up is online fraud and scams. Cyber security company Quick Heal Technologies has issued an advisory highlighting significant threats targeting internet users. Cybercriminals continually evolve their strategies, exploiting a variety of platforms to deceive unsuspecting individuals. Experts from Seqrite Labs have identified important trends in digital fraud.
Bank reward fraud
Scammers use social engineering techniques to convince users to download harmful APK files. They often create urgency with announcements like “Today only” or “Last day!” to attract users. Scammers promise exciting rewards, such as “Sign up now to receive free gifts worth $$$” or create fear with warnings such as “Your account has been blocked due to KYC update”. These schemes can lead to financial loss, theft of personal data, phishing for banking credentials, and unauthorized transactions. Once they gain access to the victim’s device, the attacker can exploit it further.
Also read: Download movies for free? You could fall victim to ‘Peaklight’: What it is and how it works
Fake IRCTC app
A fake app impersonating the official IRCTC platform has been discovered. This spyware can steal login information from Facebook and Googleextract codes from Google Authenticator, track GPS location, and even record video with your device’s camera. The application collects data on installed applications and transmits that data to the command and control (C2) server.
Festival-related scams
As holidays like Diwali, Dussehra and Christmas approach, Quick Heal warns of increased cybercrime activity targeting shoppers. Fraudsters create fake domains that mimic legitimate shopping sites, such as “shoop.xyz”, which resembles “shop.com”. They distribute malicious links disguised as festive giveaways via WhatsApp, SMS and email, often using shortened URLs to hide their true nature. Victims who click on these links are met with forms requesting personal information as well as access to contacts and messages. Scammers exploit urgency by encouraging users to share offers with others.
Also read: Smart Reply Powered by Google Gemini Coming to Gmail- All the Details
Gift card fraud
Scammers are also targeting e-commerce customers with fraudulent messages claiming they have won prizes or gift cards. These messages, sent via SMS, email or social media, typically read: “Dear customer, congratulations! You have won…” Users are instructed to click on a link to claim their prize their rewards, leading to malicious websites collecting personal data.
Income tax refund scam
One new scheme involved contacting individuals about fake tax refunds. Fraudsters use SMS, WhatsApp or email to urge victims to update their account details to receive a refund. Frequent notifications read, “Your income tax refund of Rs. XXXX has been approved. Please verify your account number XXXX,” leading to unauthorized access to the victim’s account.
QR code scam
Scammers exploit the popularity of QR codes by sending malicious code via text message, social media or email. Scanning these codes redirects users to fake websites designed to steal personal and financial information. In some cases, scanning can lead to the download of malware that compromises the user’s device.