How are fake Jio websites stealing your banking credentials?
After conquering the telecom sector with its affordable pricing, Reliance Jio has been in talks to venture into the DTH set-top boxes and wired network services. The new services are still in the phase of being planned and nothing has been officially rolled out yet. However, cybercriminals are taking advantage of the rumors to scam unsuspecting users. Here are the details.
Scammers offering fake Jio DTH service for Rs. 10
Scammers are providing lucrative offers on Jio DTH, a service which isn't even live yet. A fake SMS regarding this reads, "JIO PHONE & DTH Rs. 10 only for lifetime free channels register now offer for 1st 1000 customers avail this offer http://jiodevices.online/ Book now."
You'll be taken to website that looks official but isn't
On clicking the link mentioned in the SMS, you will be directed to a website called 'jiodevices.online' which doesn't belong Reliance Jio and isn't even https-verified. However, it has been designed to pass as a legitimate Jio website. Clicking on the Book button will take you to a payment gateway where you'll be asked for your card number, CVV, expiration date, name, and DOB.
And you are duped
However, once you try to make the payment Rs. 10, the webpage will display, "Oops!!!! Transaction declined by your Bank." This is how cybercriminals are saving your personal data and bank account details, while the user leaves the website thinking nothing of the failed transaction.
Not the first time such a scam has been noticed
Earlier, another SMS scam was promising the rumored Jio DTH boxes for Rs. 11. In the same manner, users were taken to a website called 'jiodishtvshop.com.' For availing the service, they had to enter information like name, e-mail, address, phone number, and eventually their credit/debit card's 3D Secure PIN, only to have the transaction decline in the end.
Signs of a malicious website
If a website has incorrect logos, grammatical and spelling errors, it is most likely not authentic. Open SMS links of websites on Google Chrome and check for it showing 'https' as a part of its URL. If not, it is advisable to stay away from it. If a website is accepting unintelligible details, like 'yyyyyy' as phone number, it could be a malicious website.