Chinese websites stealing information with free Diwali gift offers: CERT-In

Diwali Gift Scam, Chinese Website: If you have received social media links to websites which promise free Diwali gifts, there is a good chance that the link is to a website trying to steal your information. According to an advisory issued the Indian Computer Emergency Response Team (CERT-In), users are being targeted with such links that lead to Chinese websites that can steal important information including banking details.
“Fake messages are in circulation on various social media platforms (WhatsApp, Instagram, Telegram etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asks to share the link among peers on WhatsApp/Telegram/Instagram accounts,” said the CERT-In advisory.

The national cybersecurity agency said that most of these websites use Chinese .cn domain extensions, while others use extensions such as .xyz and .top.
How it works
First, the user receives a message containing this link. It could come from other victims who have been asked to share the link with their friends and family. Once a user clicks on the link, they are first greeted a false “Congratulations” message. After this, they are asked to fill in details in a questionnaire.
After a victim fills in the questionnaire, they are asked to select a “gift” from a set of items. Once a user does that, they are greeted another false congratulations message which asks them to share the message with friends and groups on WhatsApp or other social media platforms in order to claim the prize.
How to avoid this scam
In order to avoid such scams, first, you need to make sure that you don’t click on links to any websites that you do not trust. Even if a link looks like it will take you to a legitimate website, double-check to make sure it is not a variation of some form. In case you have any doubts, search for the website on Google or other search engines to see if they are legitimate.
Remember that legitimate organisations will not ask for your login details, credit card number or other credentials through questionnaires. Further, make sure you keep your personal information private and don’t share it unless it is with legitimate websites.
Since such attacks typically involve fraudulent financial transactions, set transfer limits for UPI and other transactions through your bank so that you reduce any exposure you could have.