Diwali is just around the corner and many users will be scampering for their festive shopping. since online shopping is cool, fast and easy these days.
India has come of age when it comes to online shopping. Many Indians are turning towards this easier mode of purchase which is less time consuming and comes with better bargains, but it is also turning out to be an easy hunting ground for opportunistic cybercriminals. Scammers and fraudsters are once again doing the rounds with out-of-the-world offers and speedy deliveries to users’ doorstep.
In the sample case discussed below, third-party mailers and spammy domains that are recently registered .in TLDs (top level domains) are being used for nefarious web activities. The samples discussed below illustrate how the spammers have conducted a thorough study of India’s online shopping environment, and customized their campaigns accordingly.
Subject: This Diwali Gift Bxxxx – A Rare Collection of Modern & Stylish Home Utility Products
From: “Bxxxx” <edm@XXXXX.co.in>
The spammer has garbed the domain to show that the message is from an Indian brand. They also used a top level domain in the “From” line, to trick the user.
In the second sample message, the spammer tries to woo the user by offering a very big discount on branded watches. Similarly, an Indian brand is spoofed to disperse spam using third party mailers.
Subject: DIWALI DHAMAKA Upto 80% Off On Watches, Clothing & Accessories
From: “BXXX TXXXX” admin@XXXXX.org
The spamming process does not stop here. Once the user has started flipping pages on the spammy website, and has chosen items to purchase, spammers shift their gear to phishing, where the user falls into the trap of paying for chosen items in the cart with their debit/credit card details.
Before going on an online shopping spree, Symantec advises users to pay attention to the following:
- Avoid shopping at unknown websites
- Be careful while clicking on offers from forwarded messages
- Do not fall for discounts that turn out to be scams
- Be attentive when doing payments
- Unsecured personal smartphones and mobile devices make online shopping more dangerous
- Beware of third party online shopping applications for your hand held devices that can infect it with malware
- With the increasing use of such utility devices to do online purchases, booking of tickets, shopping, payments, and storage of personal data on-the-go.
Symantec makes every effort to keep you safe this festive season. Let us help you be safe, don’t forget to update your antivirus signatures. We wish you and your loved ones a safe and hassle-free Diwali.