Phishers and Scammers look out for every opportunity to fool gullible people by sending out messages which appear to come from some well known companies or entities.
The objective of such hoax messages may be
a) Just spam for fun
b) Spam so that the ISPs benefit with better bandwidth usage, say by asking people to spread the message through WhatsApp
c) Collect information about users
d) Make users click on malicious links and implant trojans for committing further frauds ..etc
One such message surfaced today on a Whats App group with the following message.
Quote:
Good News For Jio Users
Activate Jio Sim Unlimited Data with EXTRA 1 YEAR Validity FREE with unlimited 4G till DECEMBER 2017 Click here to Activate Now
? www.jioupgrade.com
Share with your friends and groups so They also can get extra 1 year Free . Thanks friends !
Unquote:
Obviously, the message is well timed to attract the users who might have missed the Jio Offers lapsing on March 31st.
However, this message appeared to be a fraudulent message aimed at attracting users to share their telephone numbers with the website.
The website is mirrored from “jiosim-extra-1year.ml/ by HTTrack Website Copier/3.x [XR&CO’2014]” .
The website is registered in the name of naman.arora21134@gmail.com, with telephone number 9876543210, with a vague address, “Jio upgrade, 5th Hyderabad, 500013”
It is interesting to note that the site resolves to a https address which makes some believe that this is a genuine secure website.
.ml refers to Mali and it appears that jiosim-extra-1year.ml has been registered by some fraud syndicate which runs a service to mirror another website and run it along with Google Ad scripts to generate ad revenue. Obviously, it can also be used to commit phishing attacks and DDOS attacks. The identity of the owners of this website with .ml extension is being guarded by the service providers and in my view are considered part of the fraud syndicate.
The exact benefit this naman.arora21134@gmail.com would like to derive from this fraudulent spamming is yet to be ascertained. I request security experts to check the source code on the page available hereĀ
At first glance it appears to be an attempt to steal the telephone numbers, E Mail address and internet access details of the person responding to this invitation. I suppose this will later be exploited for further spamming through SMS /Email messages and possibly with malicious code injections.
If both the email address and mobile numbers are registered for banking transactions, we must be alive to the possibility that the spammer may get opportunities to inject malware to commit financial frauds by taking over the Bank account.
At this point of time, there is sufficient indication to believe that several offences under ITA 2000/8 have been committed primarily by naman.arora21134@gmail.com whose real identity can be obtained from Google along with his bank details to which the ad revenues are being programmed to be credited.
Hyderabad police needs to act and they also have a mobile number to start their investigation apart from the gmail address and Google Analytics ID.
Jio also should file a complaint as this is an impersonation and an offence under Section 66C ad 66D of ITA 2000/8. If Jio ignores the impersonation, any affected party may claim the damages that he may suffer from Jio for not exercising due diligence even after it was brought to their notice through this public blog post.
I wish Hyderabad police start their investigation without waiting for Jio to file its complaint or even register a complaint for enquiry and send notice to Jio why action should not be taken against Jio for not taking efforts to prevent such impersonation through public notices.
I agree that there are many such frauds but the beneficiaries of such fraud such as the intermediary hosting organizations, domain name registrars etc must be made answerable. Without pulling up such intermediaries and make them exercise caution before registering fraudulent website names, internet frauds cannot be checked.
I request receivers of this email to ignore the message and not circulate the message further.
Naavi
