We are only a days away from Diwali. While there’s festive cheer all around, major festivals have always been a target for cyber criminals, since there is so much public involvement. Symantec now reveals that it has observed that Diwali is the latest event that malware authors and spammers are using to trick unsuspecting users into downloading malware, buying products, and falling for scams. It goes on to reveal that as people start booking family trips, prepare for shopping online for gifting their loved ones, various online companies offer goodies, discounts and freebies, it’s not difficult to fall prey to an out of the world offer – considering all the excitement around.
Do not make it a Happy Diwali for them
While some would believe that emails were the most common mode of tricking users, Symantec has observed that cyber attackers use various techniques to make the most of Diwali.
Shedding more light on the recent developments in this space, Symantec had earlier shared that those behind dubious antivirus or misleading application software are getting into the act as well. These people work towards infecting web search engine results, thereby being able to take advantage of the spike in web search activity that accompanies a popular event.
Giving an example, Symantec shares that a few years ago, they observed in the spam message selling a database CD of contacts (names, email addresses, ages, phone numbers), the word 'Diwali' was inserted to make it more enticing for recipients who were offered a database CD of 57,000 Indian companies (SMEs). In other examples, recipients were offered memberships to reputable holiday clubs. In fact, considering people tend to travel during the holidays, Symantec also found many URLs redirecting users to travel-related sites. These kinds of spam messages have been around for quite some time, but there may be rise in the messages with Diwali approaching in a few days.
Symantec has been observing the rapid global expansion of ransomware scams. It has been brought to light that cybercriminals are extorting over $5 million a year from victims of ransomware. Worryingly, upto 2.9 percent of victims end up paying ransoms – a significant number considering that the fees range up to $460 and a single gang was observed attempting to infect 495,000 computers over just an 18 day period. It also highlights the professionalisation of ransomware as it becomes a popular ploy among numerous cybercrime gangs.
“Of particular note is the use of social engineering to convince users that they are being required to pay a fine by local law enforcement for browsing illicit materials,” shares Symantec further.
“Cyber-attackers make use of social engineering tactics to lure users to purchase from or register on unknown websites. Users may be exposing personal information to Internet scammers. We advise users to be cautious when handling unsolicited offers or unexpected emails related to Diwali,” said Shantanu Ghosh, VP and MD, India Product Operations, Symantec.
It is on this premise now that Symantec has shared ways in which one can protect oneself from a potential cyber attack during Diwali. So, when you feel tempted to click on a link in an email, carry out the following checks:
- Is this an unsolicited email offer?
- Is this website authentic? Does it use any authentication services?
- Is the website asking for unnecessary personal information such as passwords or pin numbers?
Cover Image credit: Getty Images