Menu

Cybercriminals Target Indians With Fake Covid-19 Subsidies

A research study claims website domain names have links to China.

NEW DELHI — Cybercriminals are targeting Indians with WhatsApp messages claiming to offer Covid-19 subsidies of INR 50,000 ($674.4), according to a study from the research wing of think tank CyberPeace Foundation and cybersecurity services firm Autobot Infosec.

The research wing of CyberPeace Foundation received WhatsApp messages containing a link that claimed people could earn INR 50,000 ($674.4) as a Covid-19 subsidy.

On the landing page of the web link shared, a congratulations message appears with the offer details, which promises to give a subsidiary of INR 50,000 ($674.4) to INR 100,000 ($1,348.8) in the name of the ‘Coronavirus Foundation’.

After scrolling down the page, it asks users to answer questions like gender, age, or if the user or their family members were affected by the Covid virus.

Once the user finishes the survey, a congratulatory message is displayed with a ‘Click to Claim’ tab. After the announcement, the site prompts the user to send the message to five other contacts over WhatsApp’s instant messaging service.

After an in-depth study of the messages and the URLs used, the research team found that the campaign pretends to be an offer from ‘Coronavirus Foundation’.

“If the foundation really exists, the campaign should have been hosted on the official website of the foundation instead of a third-party domain, which makes it more suspicious,” the study said.

On June 17, India launched a national helpline number to report cybercrimes.

The research wing of CyberPeace Foundation received WhatsApp messages containing a link that claimed people could earn INR 50,000 ($674.4) as a Covid-19 subsidy. (Christian Wiediger/Unsplash)

“If you’ve lost money in an online fraud, immediately call national helpline 155260 for preventing financial loss due to cyber fraud,” cybersecurity author Brijesh Singh tweeted.

The research team also found that all the domain names associated with the campaign have China as the registrant country. The Prizes are kept attractive to lure users with multiple redirections between the links, the think tank found.

During analysis focused on the background behavior of the site, the researchers noticed a simultaneous connection was being established to a domain that again belonged to China.

The research wing of CyberPeace and Autobot Infosec initiated a study to check for the legitimacy of websites offering these Covid-19 subsidies and came up with several warning signs.

Some warning signs on these websites include multiple redirections between the links, grammatical mistakes in the messages, the campaigns not hosted on the official website of the foundation, and attractive prizes to get users to share personal data.

Based on the study, the CyberPeace Foundation recommends that people avoid opening such messages sent through social media platforms, and falling for the trap could compromise data like texts, contacts, pictures, banking applications, etc.

“These fake links could also lead to financial loss for the users,” CyberPeace said.

(With inputs from ANI)   

(Edited by Abinaya Vijayaraghavan and Amrita Das)