Blog
Akshay Singla

Beware of scams during this crucial time of CoronaVirus pandemic

April 14, 2020
2
Estimated reading time: 5 minutes

Due to the CoronaVirus pandemic and in this lockdown period, people have free time to spend on mobile phones and laptops. Riding on this wave, fake message creators create fake messages with attractive offers or services on social media.

We can see that a large number of fake WhatsApp messages are also being forwarded by people in this period. Such messages can easily fool users who are unaware of such scams. So, we suggest to our users that do not share such kind of messages with your friends and family unless they are verified by you. We can see one such WhatsApp message in the below image Fig. 1

Fig. 1

While analyzing the marked link from the above image, we found that when the user clicked on that link it gets directed to the next page as shown in Fig. 2

Fig. 2

That page shows some random number of Netflix accounts remaining and states “Please, to participate, please respond first:” The page has some Questions to Answer regarding CoronaVirus. When we have answered all of them below message appears as in Fig. 3

If we stay on this page for some period, then the phone starts to vibrate and pops up a message, until we proceed to share or press the Home Button as shown in Fig. 4

 Fig. 3                              Fig. 4

When we share that link to 2 -3 numbers, after clicking the ‘Activate account’ button, it redirects us to a new page in which a story is mentioned having the title ‘28-Year-Old Becomes Richest Man In India Making Money Online’.

This site takes the current location and after opening the same link redirects to the new page with subject including current city like ‘A Guy from X city Became A Millionaire Using This Method’ as shown in Fig. 5

Fig. 5

Getting back to the original site, it has fake ‘Likes and comments’ section, as when we try to like or comment on the page for the first time, it takes the user to the same page as shown in Fig. 5

Fig. 6

Most importantly, see in Fig 6. that there is no ‘Post Button’ to comment on this page.

Fig. 7

As shown in Fig. 7, When the user clicks on ‘TRY IT NOW’ mentioned at the end of the story it redirects the user to Google Play Store to install ‘OlympTrade – Online Trading App’.

Most of the time, it shows the same activity as mentioned above, but sometimes after clicking on the ‘Activate Account’ button, it redirects to the page containing a pop up to install ‘UC Browser’ with Cancel button. When a user clicks on the Cancel button and goes back to the previous page it shows 2 pop-ups with some adult content as shown in Fig. 8

Fig. 8

We have also checked this link on the Windows platform.

On Mozilla Firefox:- The warning message displayed as ‘Secure Connection Failed’ The Page you are trying to view cannot be shown because the authenticity of the received data could not be verified.”

Fig. 9

On Google Chrome:- The warning message displayed is “Attackers on netflix-usa.net may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards)“

Fig. 10

In the end, the User never gets a Netflix Account.

Below are some similar kind of fake WhatsApp messages :

Fig. 11

Some UPI frauds in this CoronaVirus pandemic.

The whole world is badly affected by the COVID-19 pandemic and it has posed serious challenges for the national economy. India is also suffering from this problem and to deal with this situation India’s Prime Minister’s office has been requesting the nation for making generous donations to support the government in the wake of this emergency.

For this, a dedicated national fund is created with the name ‘Prime Minister’s Citizen Assistance and Relief in Emergency Situations Fund’ (PM CARES Fund)’ to deal with any kind of emergency like the COVID-19 pandemic. Prime Minister is the Chairman of this trust and its Members include Defence Minister, Home Minister and Finance Minister. But it is so sad that some fraudsters are taking advantage of this kindness and setting up fake UPI IDs in the name of PM Cares fund to cheat well-wisher contributors. We can see the difference in real and fake UPI ID’s in below Fig.12

REAL                               FAKE

Fig. 12

As you can see, at the left side there is real UPI ID i.e. ‘pmcares@sbi’ with the registered name ‘Pm Cares’ and on the right side, there is fake UPI ID i.e. ‘pmcare@sbi’ with the registered name ‘Malleboina Akhil’ which was created by some fraudsters to disguise people and earn money. There is a minor change in the original UPI ID which users may fail to detect and easily get trapped in this kind of scam. But now, this UPI ID is traced by the government and blocked it as shown in Fig. 13.

Fig. 13

You should also be aware of some more fake UPI ID’s under this scam like –

  • UPI ID: pmcaree@sbi            Registered name: Malleboina Aruna
  • UPI ID: pmcarre@sbi            Registered name: Kishan Lal

You can read more about UPI frauds here.

Learning Outcomes:

  1. We should never trust such messages coming through social media.
  2. Do not click on such links on mobile phones and laptops.
  3. Do not share these links with your friends and family.
  4. Most of the time, these kinds of links are app promoting links.
  5. It encourages the user to download Apps. Their main agenda is to increase download count for specific apps.
  6. Always cross-check for correct UPI ID while performing digital payments.

Conclusion –

Attackers are using different tricks in this CoronaVirus pandemic, so more and more people fall prey in these kinds of scams. There are more chances that such messages trick users into downloading a harmful or potentially dangerous application on their device.

Also, fake UPI Id’s can steal your hard-earned money, so beware while doing any kind of online transactions. Check the receiver’s details twice and check the trustworthiness of the source from where you get such type of information.

*Respective trademarks are owned by respective third-party trademark owners.

Have something to add to this story? Share it in the comments.

Akshay Singla
About Akshay Singla
Akshay is an Android Malware Analyst at Quick Heal Technologies Ltd. His interests include Android reverse engineering and malware...
Articles by Akshay Singla »

2 Comments

Your email address will not be published.

CAPTCHA Image

  1. Amit ShanbhagApril 14, 2020 at 7:39 PM

    A great article to read, helped a lot how scams are done now a days and how can be protect ourselves from such scams.

    Reply
  2. Rudresh Kumar ShuklaApril 20, 2020 at 11:19 AM

    Good job, few minutes of read will help people to be aware of possible scams they can be tricked with in this time of pandemic.

    Reply