Diwali is just around the corner and many users will be doing their festive shopping online since online shopping is cool, fast and easy these days.
India has come of age when it comes to online shopping. Many Indians are turning towards this easier mode of purchase, which is less time consuming and comes with better bargains. But online shopping is also turning out to be an easy hunting ground for opportunistic cybercriminals. Scammers and fraudsters are once again doing the rounds with "out-of-the-world offers and speedy deliveries" to users’ doorsteps.
In the sample case discussed in this blog, third-party mailers and recently registered spammy domains are being used for nefarious Web activities. The samples discussed below illustrate how the spammers have conducted a thorough study of India’s online shopping environment, and customized their campaigns accordingly.
Subject: This Diwali Gift B[REMOVED] – A Rare Collection of Modern & Stylish Home Utility Products
From: "B[REMOVED]" <[email protected][REMOVED].co.in>
Figure 1. Spam email using the holiday period as a lure
The spammer has disguised the domain to make it appear that the message is from an Indian brand. They also used a top level domain (TLD) in the "From" line, to trick the user.
In the second sample message, the spammer tries to woo the user by offering a very big discount on branded watches. Similarly, an Indian brand is spoofed to disperse spam using third-party mailers.
Subject: DIWALI DHAMAKA Upto 80% Off On Watches, Clothing & Accessories
From: "B[REMOVED] T[REMOVED]" [email protected][REMOVED].org
Figure 2. Spam email, which tries to entice users with discounted watches
The spamming process does not stop here. Once the user has started flipping pages on the spammy website, and has chosen items to purchase, spammers change gears and start phishing, attempting to get the user to fall into the trap of paying for chosen items in the cart with their debit/credit card details.
Before going on an online shopping spree, Symantec asks users to pay attention to the following advice:
- Avoid shopping at unknown websites
- Be careful while clicking on offers from forwarded messages
- Do not fall for discounts that turn out to be scams
- Be attentive when doing payments
- Be concious that unsecured smartphones and mobile devices make online shopping more dangerous
- Beware of potentially malicious third-party online shopping applications
Symantec makes every effort to keep you safe this festive season. Let us help you be safe, don’t forget to update your antivirus signatures. We wish you and your loved ones a safe and hassle-free Diwali.