March 30, 2024
Credits: Ather Energy

A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands.

The fraudulent operation relies upon the abuse of Google Ads and SEO to draw victims to hundreds of fake websites targeting the Indian audience.

The campaign was uncovered by Singaporean security firm CloudSEK, which has shared its report exclusively with Bleeping Computer. 

According to analysts Ankit Dobhal and Aryan Singh, the campaign has caused financial damages of up to $1,000,000, coming from tens of thousands of victims.

Taking advantage of state incentives

The government in India has recently introduced favorable policies to boost the growth of the country’s EV (electric vehicle) sector.

These policies are forecasted to bring a growth of 90% (CAGR) for the Indian EV market before the end of the decade, making it a $200 billion sector.

Over 400 EV startups have already launched in the country, while existing automotive companies are also aggressively extending their operations in the emerging field.

Scammers have identified these conditions as a fertile ground for trickery, with an explosion of websites attempting to exploit this sudden boom spiking since August 2021 and remaining in large volumes today.

Moreover, CloudSEK reports having identified a shift in the focus of phishing actors during that period, abandoning banking and finance lures in favor of EV themes.

CloudSEK's detections showing a shift in focus

Read more…

Leave a Reply

Your email address will not be published. Required fields are marked *