KOCHI: Links to a fake India Post website being circulated on social media have been identified as the latest instance of phishing attack targeting mobile phone and computer users. Clicking on the links takes users to a fake India Post website having a Chinese connection. They can give fraudsters access to users’ devices. Cyber experts suspect that the links are being widely shared as they promise users rewards for sharing with friends and relatives.
Technisanct, a cybersecurity startup headquartered in Bengaluru and having a research centre in Kochi, has decided to approach the Indian Computer Emergency Response Team (CERT) against the scam. “Attempts are being made to alert India Post. The links are being circulated with the claim that a reward of `6,000 after users share it,” said Technisanct founder and CEO Nandakishore Harikumar.
Technisanct found that the fraudsters used US-based Cloudflare for creating the website. The top domain (often used for malware and phishing) is linked to China. The sponsoring organisation of the website is Jiangsu Bangning Science and Technology, Yuhuatai District, Nanjing city, Jiangsu Province, China. The startup said URLs are changed regularly to evade action. It said it could identify around 20 India Post-related URLs in circulation.
“They have avoided a direct mention of India Post from the full domain name and have used government logos. So, in-depth solutions backed by artificial intelligence are required to counter the issues. We are analysing data about the activities of such websites. We will be sharing the information with CERT and India Post,” Nandakishore said.
He said such phishing attacks are becoming common in India. “After a request is submitted to take down a fake website, corrective action takes several hours, even days. Such continuous phishing attacks show that every brand needs to gradually start using brand monitoring solutions to proactively identify the issue and stop the phishing and duplicate websites from spreading,” he said.
A police officer with Kerala Police’s Cyberdome said rewards or sensational information often lure people into clicking and circulating such links. “Money loss due to this is rarely reported. However, people don’t realise that by clicking such links, they are also compromising the security of their devices,” he said.
Clickbait
A police officer with Kerala Police’s Cyberdome said rewards or sensational information often lure people into clicking and circulating such links.