New Delhi, October 27, 2023 – As Navratri festivities commence, a fraudulent online scam targeting the celebratory spirit has come to light. This deceptive campaign, impersonating the esteemed Tanishq Jewellers, entices users with the promise of winning a free iPhone 15. An India- India-artered cybersecurity advocacy global non-profit CyberPeace Foundation has identified the scam during the Navratri festival.
A recent report prepared by CyberPeace Foundation, in collaboration with Autobot Infosec Private Limited and academic partners under the CyberPeace Center of Excellence (CCoE), highlights an online scam falsely associated with Tanishq, a well-known Jewelers Company.
This fraudulent campaign masquerades as an official Tanishq Jewellers promotion, luring unsuspecting individuals with enticing offers. Here’s how the scam unfolds:
- Attractive Bait: The scam begins with an eye-catching image featuring Tanishq’s logo and an outlet, designed to capture the attention of potential victims.
- Quiz Participation: Users are invited to participate in a quiz promising a free Tanishq gift as a reward.
- Fake Congratulations: Upon completion of the quiz, a congratulatory message is displayed, further enticing users.
- Gift Attempts: Users are given a few attempts to claim their prizes, presented as multiple gift boxes.
- Social Sharing Pressure: Instructions prompt users to share the campaign via WhatsApp, creating a sense of urgency and legitimacy.
- Key findings from the study include:
- Unofficial Website: The campaign does not reside on Tanishq’s official website, raising red flags.
- Redirections: Multiple link redirections indicate a lack of transparency.
- Unusual Sharing Request: Legitimate campaigns rarely demand sharing via WhatsApp.
- Too Good to Be True: The promised prizes are exceptionally attractive, a classic tactic to ensnare unsuspecting victims.
- Grammar Errors: Grammatical mistakes within the campaign content hint at its fraudulent nature.
- The frontend domain names associated with the campaigns have the registrant country as China.
- Cybercriminals used Cloudflare technologies to mask the real IP addresses of the front-end domains. The research team uncovered a China-linked analytical service in the backend during the investigation.
“Remaining vigilant is essential. Always double-check suspicious links and attachments. International cooperation is crucial to combat cybercriminals and ensure a secure digital landscape” commented a spokesperson from CyberPeace.
- Exercise Caution with Social Messages: Refrain from opening messages received via social platforms that appear suspicious or unsolicited. Your initial discretion is your first line of defense.
- Safeguard Your Digital Realm: Becoming a victim of such scams can jeopardize your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, photos, videos, banking applications, and more. Protect your digital fortress from intrusion.
- Protect Sensitive Information: Never, under any circumstances, share confidential information like login credentials or banking details with entities you haven’t verified as trustworthy.
- Source Verification is Key: Before sharing any content or clicking on links within messages, always verify the authenticity of the source. This safeguards not only yourself but also those in your digital network.
- Verify Offers and Messages: To confirm the authenticity of offers and messages, reach out directly to official sources and companies. Verify the legitimacy of enticing offers before taking any action.