Cyber-security researchers in India have unearthed a scam that pretends to be a celebratory offer from Tata Motors. CyberPeace Foundation, a New Delhi-based organization, had received some links on Whatsapp that were being spread as a free gift offer, with the Tata Safari being the bumper prize. However, the said campaign is being hosted on a third-party domain not related to Tata Motors. It has turned out so that this malicious free gift campaign collects browser and system information as well as the cookie data from the users.
A statement issued by CyberPeace reads, "The campaign is pretended to be an offer from Tata Motors but hosted on the third-party domain instead of the official website of Tata Motors which makes it more suspicious. The prizes are kept really attractive to lure the laymen." The title of the fake website has been kept as "Tata Motors Cars, Celebrates sales exceeding 30 million." On the landing page, a user is greeted by a congratulations message with a photo of a Tata Safari. The user is then asked to participate in a quick survey to get the flagship SUV free of cost.
"Also, at the bottom of this page, a section comes up which seems to be a Facebook comment section where many users have commented about how the offer is beneficial," the research further revealed. Once the user hits the 'OK' button, he is given three attempts to win the prize. On completion of the attempts, he is informed that he has won the Safari through a congratulatory note - "Congratulations! You did it! You won the TATA SAFARI!" Clicking on the 'OK' button, the website then instructs users to share the campaign on WhatsApp.
Next, the user needs to click the WhatsApp icon to complete the entry. However, once the 'Complete Registration' button is clicked, the unsuspecting participant is redirected to numerous advertisement websites. The researchers have revealed that while the cybercriminals used Cloudflare technologies to cover their IP addresses, they could identify a domain name that was requested in the background and was traced as belonging to China. The researchers have requested anyone coming across the link to the free Tata Safari campaign to avoid clicking on the URL.
Launched in February this year, the third-gen Tata Safari has every SUV-lover worth his salt sit up and take notice. In fact, the carmaker has garnered a pretty good response from the car buyers as many have rushed to order the latest iteration of what was once the most iconic SUV of its times. It looks like the Chinese scamsters are trying to use this craze for the flagship Tata SUV to trap unsuspecting internet users.