Cyber Criminals Send Fake WhatsApp Messages to Indian Users About Covid-19 Subsidy of Rs 50,000

CyberPeace Foundation has warned people about fake WhatsApp messages claiming that people are eligible for a COVID-19 subsidy of Rs 50,000. The Research Wing of CyberPeace Foundation and Autobot Infosec initiated a study to check whether these websites are legitimate or online fraud. The Research Wing of CyberPeace Foundation had received fake WhatsApp messages containing a link claiming people can earn Rs 50000 as COVID-19 subsidy. The message read as follows:

“Get your new Coronavirus subsidy 50,000 INR. Click to receive amtb8.77esport.com.”

On the landing page, a congratulations message appears with the offer details which promises to give a subsidiary of 50000 INR to 100000 INR in the name of the Coronavirus foundation. Upon scrolling further down, it asks the user to answer a few questions like gender, age or if the recipient or their family members were affected by Covid. Once the user finishes the survey, a congratulatory message is displayed with a ‘Click to Claim’ tab. Furthermore, it prompts the user to send the message to five other contacts over WhatsApp.

Warning Signs of Fake WhatsApp Messages

• The campaign is not hosted on the official website of the respective foundation.
• Multiple redirections have been noticed between the links.
• No reputed site would ask its users to share the campaign on WhatsApp.
• The prizes are kept really attractive to lure the laymen.
• Grammatical mistakes have been noticed.

Truth About These Fake WhatsApp Messages

After an in-depth study of the messages, the URLs it used, the research team found that the campaign is pretended to be an offer from “Coronavirus Foundation”, if the foundation really exists, the campaign should have been hosted on the official website of the respective foundation instead of any third party domain which makes it more suspicious.

• The research team found multiple redirections between the links.
• The prizes are kept really attractive to lure the laymen.
• All the domain names associated with the campaign have the registrant country as China.

During the phase of analysis especially focused on the background behaviour of the site, the Research Team noticed a simultaneous connection was being established to a domain listentome.oss-ap-southeast-1<.>aliyuncs.com. Which again belongs to China.

Recommendations from CyberPeace Foundation on Fake WhatsApp Messages

• People must avoid opening such messages sent via social platforms.
• Falling for this trap could lead to whole system compromisation such as access to microphone, camera, text messages, contacts, pictures, videos, and banking applications as well as financial loss for the users. One must always think before clicking on such links, or downloading any attachments from unauthorized sources.
• Sharing of confidential details like login credentials, banking information should not be done with such a type of scam.
• Sharing or forwarding fake messages containing links with any social platform without proper verification should be avoided.