In a covert attack on millions of Indians, Chinese hackers targeted online shoppers during the festive months of October and November. According to CyberPeace Foundation, a cybersecurity think tank, hackers from China’s Guangdong and Henan provinces mounted multiple attacks on unsuspecting Indians during the peak sale season in India.
These hackers created fake URLs disguised as offers by Flipkart and Amazon and lured the netizens to click on them with bogus prizes. These links were disseminated through WhatsApp targeting many online shoppers in India.
The modus operandi of the hackers involved imitating the actual sale campaigns of e-commerce such as Flipkart and Amazon to make them look more credible.
The CyberPeace Foundation report said although the festive season sale was a success for Indian e-commerce companies, the opportunity was used by hackers to target millions in India.
The investigation by the think tank concluded that scams such as ‘Big Billion Days Spin the Lucky Wheel Scam’ and ‘Spin The Lucky Wheel Scam’ was created by Chinese hackers and spread through messaging platforms and social media platforms such as WhatsApp to target unsuspecting online shoppers.
“E-commerce scams are not new but what’s more alarming is the covert cyber warfare the Chinese entities are launching in India on a repeated basis,” said Vineet Kumar, founder and president CyberPeace Foundation in a statement.
Kumar added that the ‘Spin the Wheel’ scam isn’t new and has been around for a couple of years. He explained that India currently has around 100 million online shoppers and this number is set to increase with which cyberattacks are also likely to go up.
“The information collected via these scams can be used to undertake more such cyber-attacks, especially targeted at internet users in Tier-II and Tier-III cities where awareness about such scams are low,” he added.
Chinese hackers launched ‘Spin the lucky wheel scam’ within days of Flipkart announcing the Big Billions Days sale and emulated it to create similar-looking fraud ‘Amazon Big Billion Day Sale’.
These contests lured customers with fake contests promising OPPO F17 Pro smartphone in winnings. Those who clicked were then asked to share the link with their contacts.
CyberPeace Foundation said it used open-source investigative tools and methods to examine the links and found that all domain links were registered in China’s Guangdong and Henan provinces. The links were specifically linked to an organisation called Fang Xiao Qing.
CyberPeace alleged that hackers registered these domains on Alibaba’s Cloud computing platform. These spurious links remain active and continue to target people.