New Delhi: WhatsApp messages masquerading as the offers from Tata Group and Amul with links luring unsuspecting users with the promise of Anniversary Celebration presents, have been making the rounds on the app recently. If you receive such messages try to stay away from them, as these can be a scam.
The Research Wing of CyberPeace Foundation along with Autobot Infosec Private Limited has conducted two different studies based on these WhatsApp messages that contained links pretending to be a free gift offer from Tata Group and Amul which ask users to participate in a survey in order to get a chance to win a Tata Nexon EV and Rs. 6000 respectively.
Warning Signs
- Both the campaigns are pretended to be the offer from Tata Group and Amul but hosted on the third-party domain instead of the official website of Tata Group or Amul which makes it more suspicious.
- The domain names associated with the campaign have been registered in very recent times.
- Multiple redirections have been noticed between the links.
- No reputed site would ask its users to share the campaign on WhatsApp.
- The prizes are kept really attractive to lure the laymen.
- Grammatical mistakes have been noticed.
On the landing page, a Congratulations message appears with an attractive photo of a Tata car and asks users to participate in a quick survey in order to get a “Tata Nexon EV”. The Amul link showcases an Amul logo and asks users to take the survey to win 2000 Euros.
Also, at the bottom of this page a section comes up which seems to be a comment section where many users have commented about how the offers are beneficial.
Both the surveys start with some basic questions like Do you know Tata or Amul Group? How old are you? What do you think of Tata or Amul Group? Are you male or female? etc.
Once the user answers the questions a “congratulatory message” is displayed. After Clicking the OK button users are given three attempts to win the prizes.
After completing all the attempts, it says that the user has won TATA Nexon EV while the Amul 75th Anniversary link says you have won 2000 Euros.
The congratulatory message, as it appears on the screen
Clicking on the ‘OK’ button, it instructs users to share the campaign on WhatsApp. Strangely enough, the user has to keep clicking the WhatsApp button until the progress bar completes. After clicking on the green ‘WhatsApp’ button it shows a section where a congratulations message appears once again.
During the analysis, the research team found a JavaScript code called hm.js was being executed for both the campaigns in the background from the host hm[.]baidu[.]com which is a subdomain of Baidu and is used for Baidu Analytics, also known as Baidu Tongji. The important part is that Baidu is a Chinese multinational technology company specializing in Internet-related services, products, and artificial intelligence, headquartered in Beijing’s Haidian district, China.
To read the full reports click here:
www.cyberpeace.org/CyberPeace/Repository/20211011Research-Report-on-Amul-75th-Anniversary-Scam.pdf
The detailed study helped CyberPeace and AutoBot Infosec Pvt. Ltd. to come to the following conclusions
- The whole research activity was performed in a secured sandbox environment where the WhatsApp application was not installed. If any user opens the link from a device like a smartphone where the WhatsApp application is installed, the sharing features on the site will open the Whatsapp application on the device to share the link.
- The campaign collects browser and system information from the users.
- Cybercriminals used Cloudflare technologies to mask the real IP addresses of the front-end domain names used in the free gift campaigns. But during the phases of investigation, the research team has identified a domain name that was requested in the background and has been traced as belonging to China.
CyberPeace Advisory suggests:
- CyberPeace Foundation and Autobot Infosec recommend that people should avoid opening such messages sent via social platforms.
- If at all, the user gets into this trap, it could lead to whole system compromise such as access to the microphone, Camera, Text Messages, Contacts, Pictures, Videos, Banking Applications, etc as well as financial losses.
- Do not share confidential details like login credentials, banking information with such a type of scam.
- Do not share or forward fake messages containing links without proper verification.
- There is a need for International Cyber Cooperation between countries to bust the cybercriminal gangs running the fraud campaigns affecting individuals and organizations, to make Cyberspace resilient and peaceful.