The Indian cyber agency warned that free gift offers can be a trick by Chinese websites to steal users’ confidential information.

In an advisory, CERT-In, under the IT Ministry, cautioned users against adware targeting prominent brands and tricking customers into fraudulent phishing and scams.

“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram, etc.) that falsely claim a festive offer luring users into gift links and prizes,” it said.

“The threat actor campaign is mostly targeting women and asking to share the links among peers over WhatsApp/Telegram/Instagram accounts,” it added.

The victim receives a message containing a link to a phishing website similar to the websites of popular brands and is lured with a false claim of a special festive offer of prizes or money on answering a questionnaire.

The attackers then entice the users to give sensitive information like personal details, bank account details, passwords, OTPs, or use it for adware, and other adversarial purposes. The website links involved are mostly Chinese (.cn) domains and other extensions such as .top, .xyz.

These attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and result in financial fraud, the advisory noted.