Fact check: Insight into a global factory of phishing websites that even impersonate the Ministry of Finance

0

During the first and second waves of the Covid-19 pandemic, the Center announced programs aimed at providing economic relief to individuals and businesses. The economy right now is still struggling for a number of reasons. Therefore, the newly announced relief programs are a credible idea.

And some people took advantage of it. One such website claiming to be Ministry of Finance of India advertised financial aid of Rs. 30,628 and many believed it to be true.

Of course, the Ministry of Finance announced no such aid. The Press Information Office has labeled this website as fraudulent.

But the story does not end there. It’s only just begun.

Peeling back the layers of this website, we came across a global network of hundreds of scam websites, extending their tentacles to multiple countries.

Here, we’ll dive into the world of who runs these websites and learn how they operate.

Same scam, multiple sites

The aforementioned “Ministry of Finance” website appears to be designed primarily for mobile devices. And scam websites like these thrive on instant messaging apps like WhatsApp. For example, when you share the URL of this website, the preview mentions “finmin.nic.in”, the URL of the Ministry of Finance website. And it’s meant to deceive people. Of course, if you look at the actual URL that was shared – indiangotrs.blogspot.com – you will immediately recognize that it is not owned by any government organization.

But that’s not the only URL. There is also “indiarsgot.blogspot.com” and “indiagetingrs.blogspot.com” and both websites were active at the time of this writing.

All three links are similarly designed to impersonate the Ministry of Finance of India. Their archived versions can be viewed here, here, and here.

The Squid game begins

Inside these sites, when you click on the sign up button, you will be asked to enter your name and share the link with 15 WhatsApp friends or forward it to five WhatsApp groups. As you do this, another window will open, taking you to a page featuring the design of the world famous Netflix show “Squid Game”.

When you click on the page with the “Squid Game” visual, two different links open. The first link asks you to enter your phone number and call to receive further participation instructions. Such tricks to harvest phone numbers are often used to harvest data.

The second link will also ask for your phone number. When you enter a phone number (which you shouldn’t) and continue, a warning will flash on your screen claiming that this malicious website could steal your passwords, email or even credit card details .

Read between the lines of code

Websites impersonating the Ministry of Finance are hosted on blogspot.com. This was intentionally done to make it difficult to unmask the people behind them.

If anyone tries to find the details of the website using domain investigation tools, only the details of blogspot.com will be revealed and it will not be possible to find anything on the website hosted on it or its creator.

We then decided to look into the source code of these websites. Here we found links to three profile pages hosted on blogspot.com: od107, od.company79 and od.company81.

Analysis of the websites listed on these profiles revealed several other Blogspot profile links such as od.company6, od103, od.company42 and od102.

Pandora’s box

These Blogspot profile pages turned out to be a scam warehouse! They contain a long list of scam websites customized for different countries around the world.

In total, we were able to find 150 active links to fraudulent sites. We have compiled the list of such websites which you can see here.

Screenshots of some of these websites can be seen below. It should be noted that a large portion of these websites are in Arabic. This means that the person running these sites might have an Arabic connection.

Among the fraudulent links, we found websites running fake schemes on behalf of world leaders like Abdullah II bin Al-Hussein, popularly known as the King of Jordan, and UAE Prime Minister Mohammed Bin Rashid Al Maktum.

Scams are carried out on behalf of brands and organizations from several countries around the world like Saudi Arabia, UAE, Egypt, Jordan, Kuwait, Lebanon, Morocco, Qatar, and Yemen. For example, fraudulent schemes are organized in the name of “Touch” and “Alpha”, the main telecommunications operators in Lebanon. Another fake website is run in the name of Carrefour Jordan, a supermarket in Jordan.

Although we have not been able to identify who is behind these fraudulent websites, it is clear that fraudulent websites advertising government financial aid and other programs around the world are run by a person or a group.

To claimThe Ministry of Finance is providing financial assistance worth Rs. 30,628 to all Indian citizens amid the current financial crisis. ConclusionThe Ministry of Finance has not announced any such grants. This is a scam website that contains links to several scam websites around the world.

JHOOTH BOLE KAUVA KAATE

The number of crows determines the intensity of the lie.

  • 1 Raven: Half True
  • 2 Crows: mostly lies
  • 3 crows: Absolutely false
Share.

Comments are closed.