- Cyberpeace Foundation found that domain links created for the scams were registered in China to an entity called Fang Xiao Qing. Domains were registered using Alibaba’s cloud computing platform
NEW DELHI: Chinese threat actors, based out of Guangdong and Henan provinces, targeted millions of Indians with shopping scams during festival season sales in October and November, according to findings of Cyberpeace Foundation, a cybersecurity think tank.
The hackers created spurious links and asked users to click on them to participate in online contests and win prizes. The links were disseminated through WhatsApp messages and are believed to have been sent to millions of Indians.
Some of these scam contests used elements from actual sales campaigns used by Amazon India and Flipkart to make them look legitimate and trick users.
For instance, “Big Billion Days Spin the Lucky Wheel” and “Amazon Big Billion Day Sale” surfaced within days of Flipkart announcing its Big Billion Day Sale.
During their investigation, Cyberpeace Foundation found that domain links created for the scams were registered in China specifically in Guangdong and Henan province to an organisation called Fang Xiao Qing. These domains were registered using Alibaba’s cloud computing platform. The links used for the scams are still operational and active.
To send the scam links and make their accounts look legitimate, hackers created fake accounts using fake images and comments.
“E-commerce scams are not new but what’s more alarming is the covert cyber warfare Chinese entities are launching in India on a repeated basis,” Vineet Kumar, Founder and President, CyberPeace Foundation said in a statement.
Kumar warns, the information collected through these scams can be used to undertake more such cyber-attacks especially targeted at internet users in Tier 2 and Tier 3 cities where awareness about such scams are low.
India has been frequently targeted by Chinese and North Korean threat actors. Following the border dispute with China in May- June, such attacks have risen. In June, cyber intelligence firm Cyfirma had warned several government agencies, media houses, pharma companies, telecom operators and a large tyre company of a possible cyberattack by Gothic Panda and Stone Panda, two well-known hacking groups with direct affiliation to the China’s PLA (People’s Liberation Army).