E-commerce fraud: Chinese hackers targeted e-shoppers during Flipkart’s festive season sale

Amid the continuous crackdown on Chinese apps by the Modi government for allegedly being prejudicial to India’s national security, Chinese hackers have tried to scam millions of Indian e-commerce customers. According to an investigation by the cybersecurity think tank registered with Niti Aayog — CyberPeace Foundation, Chinese fraudsters, and hackers from the GuangDong and Henan province in China used the annual e-commerce sales by Flipkart to scam e-shoppers. The hackers created cyber attacks named “Big Billion Days Spin the Lucky Wheel Scam” and “Amazon Big Billion Day Sale” which were maliciously spread via WhatsApp. The attacks targeted users who were trying to win ‘free products’.

“E-commerce scams are not new but what’s more alarming is the covert cyber warfare Chinese entities are launching in India on a repeated basis,” Vineet Kumar, Founder and President, CyberPeace Foundation said in a statement. While Spin The Lucky Wheel Scam emerged within days after Flipkart announced its Big Billion Day Sale, the hackers used the opportunity to create a similar-looking scam linking Amazon and Flipkart’s Big Billion Days event. According to the think tank, Indian e-commerce shoppers were sent spurious links to click on and participate in a contest where they could win an OPPO F17 Pro (Matte Black, 8 GB RAM, 128 GB Storage) smartphone. “People who were duped into believing that they had won the phone as a prize would be asked to share the link via WhatsApp to their friends and family,” it said.

Also read: TikTok lost 40% market to local apps Josh, MX TakaTak, Roposo, others since Chinese apps ban: report

CyberPeace Foundation had deployed open-source investigative methods to examine the links. What showed up was that all the domain links were registered in China particularly Guangdong and Henan province to a company named Fang Xiao Qing. The hackers had registered these domains on Alibaba’s cloud computing platform and had hosted these links across Belgium and the US. Moreover, fake images and comments were used to create fake accounts on social media platforms to make the contest sound legitimate. The URL used for the contest redirected to different fake sites. The links are still found to be operational.

“The information collected via these scams can be used to undertake more such cyber-attacks especially targeted at internet users in Tier 2 and Tier 3 cities where awareness about such scams are low,” added Kumar. India had banned 43 Chinese apps last month, 118 apps in September, and 59 apps in June this year.