Chinese hackers targeted shoppers during Flipkart festive sales
The biggest festive sale hacking emerged via 'Spin The Lucky Wheel Scam' that emerged within days of Flipkart announcing its 'Big Billion Day Sale' in the month of October, said the investigation conducted
New Delhi: China-based hacking groups are leaving no stone unturned in attacking Indians and a new report revealed on Friday that fraudsters from GuangDong and Henan province in China targeted online shoppers during the record-breaking Flipkart festive season sales.
The biggest festive sale hacking emerged via ‘Spin The Lucky Wheel Scam’ that emerged within days of Flipkart announcing its ‘Big Billion Day Sale’ in the month of October, said the investigation conducted by New Delhi-based CyberPeace Foundation.
Chinese scammers used this opportunity to create a similar-looking scam called ‘Amazon Big Billion Day Sale’ (Amazon actually has its festive season sales called the ‘Great Indian Festival’).
Internet users in India were sent spurious links to click on and participate in a contest where individuals could win an OPPO F17 Pro (Matte Black, 8 GB RAM, 128 GB Storage) smartphone.
“People who were duped into believing that they had won the phone as a prize would be asked to share the link via WhatsApp to their friends and family,” the report said.
All the domain links were found registered in China specifically in the Guangdong and Henan province to an organisation called ‘Fang Xiao Qing.’
The hackers registered these domains on Alibaba’s cloud computing platform, the report mentioned.
“E-commerce scams are not new but what’s more alarming is the covert cyber warfare Chinese entities are launching in India on a repeated basis,” said Vineet Kumar, Founder and President, CyberPeace Foundation.
‘Spin the Wheel’ scam is not a new phenomenon and has been around for over a couple of years.
“Research says India has over 100 million online shoppers and as more people come online, we expect more such scams to take place,” Kumar added.
The festive online sales in India beat industry estimates to clock $8.3 billion (nearly Rs 61,253 crore) in the October 15-November 15 period — an impressive growth of 65 per cent (on-year).
The gross merchandise value (GMV) numbers increased from $5 billion last year up to $8.3 billion this year, riding on the massive orders coming from smaller cities and towns, according to homegrown consulting firm Redseer.
According to the market research firm, Flipkart Group emerged as the leader during the whole festive month with 66 per cent share of the total sale.
According to Kumar, the information collected via these scams can be used to undertake more such cyber-attacks, “especially targeted at internet users in Tier 2 and Tier 3 cities where awareness about such scams are low.”
The Chinese hackers hosted the online links across Belgium and the US.
“As of today, these links are still found to be operational and active. Hackers used fake images and comments to create fake accounts on social media platforms to make the contest sound legitimate,” the report said.
“One of the images in these accounts has been used in the past for a call girl service in India. The comments used were also similar to each other in nature”.
CyberPeace Foundation deployed open-source investigative methods to examine the links and found that all the domain links were found registered in China.
“The URL used for the contest redirects to multiple random sites all of which are fake.
“The Big Billion Days is a campaign by Flipkart but hackers used the massive public interest in the campaign to make it seem as if the contest was being run by Amazon,” the report mentioned.
