Shreshta Threat Intelligence has uncovered scams luring faster Ola electric scooter delivery date. The threat actors are launching phishing campaigns impersonating OLA , deceiving consumers into purchasing Ola electric scooters by promising a faster delivery date.
Executive Summary
As per our analysis, we conclude with high confidence that the attackers are launching phishing websites impersonating OLA Electric Scooter and tempting the potential buyers to book a scooter by promising them a faster delivery date.
Motive
We can share with high confidence that the motive of the threat actors is to harvest the user’s personally identifiable information(PII) and payment details.
About OLA Electric
Ola Electric Mobility (stylized as OLΛ ELECTRIC) is an Indian, electric two-wheeler manufacturer, based in Bengaluru, Karnataka, India. As of September 2023, this India’s largest electric two-wheeler manufacturer is valued at around US$5.4 billion.. It has a manufacturing facility located in Krishnagiri, Tamil Nadu which is India’s largest two-wheeler EV manufacturing factory.
Tempting buyers with a faster Ola electric scooter delivery date
Technical analysis of phishing websites impersonating OLA Electric
In this section, we will explore a few of the phishing websites impersonating OLA.
Phishing website #1 impersonating OLA Electric Scooters
Figure 1 – Screenshot of the phishing website impersonating OLA Electric Scooter
Figure 2 – Selecting “Check it out!” or “Reserve now” leads the user to the cart.
The prompt encourages the user to “Continue” and book the OLA Electric Scooter.
Figure 3 – After clicking “Continue,” users are prompted to input their Personally Identifiable Information.
Upon accepting false details, the website then guides the user to another page.
Figure 4 – Users are instructed to finalise the payment using the displayed bank details.
Figure 5 – The creator used images from the OLA website to create the phishing website.
Threat Indicators
- Porkbun LLC registered the domain name olaelectric.pro.
- Domain name registration date – December 23rd 2023
- The domain name resolves to IP address 150.230.181.31
- The IP address 150.230.181.31 belongs to AS31898 (Oracle Corporation)
Phishing website #2
Figure 6 – Screenshot of the phishing website impersonating OLA Electric Scooters
Figure 7 – Clicking on “Apply Now” prompts the user to enter their details
Figure 8 – Clicking “Apply Now” redirects them to a “thank you” page.
Threat Indicators
- Endurance Digital Domain Technology LLP registered the domain name olaelectriccs.in.
- Domain name registration date – November 8th 2023
- The domain name resolves to IP address 162.241.85.230
- The IP address 162.241.85.230 belongs to AS46606 (Unified Layer)
Phishing website #3
Figure 9 – Screenshot of the phishing website impersonating OLA Electric Scooters
Figure 10 – Upon selecting “BOOK NOW,” the user is prompted to fill out a form.
The website acknowledges false details, and subsequently guiding the user to another page.
Figure 11 – Users are instructed to finalise payment using the displayed bank details.
Threat Indicators
- The domain name olaelectricscootersbook.in was registered by Endurance Digital Domain Technology LLP
- Domain name registration date – August 17th 2023
- The domain name resolves to ip address 116.202.221.212
- The IP address 116.202.221.212 belongs to AS24940 (Hetzner Online GmbH)
Network Infrastructure Analysis
Safety Recommendations
- Configure Browse Safe DNS Servers on your devices to block phishing, malware, cryptojacking and other cyber threats
- If you become a victim of cyber crime, call the national (India) cyber crime helpline 1930 or file a complaint at https://cybercrime.gov.in/
- As an enterprise, safeguard your organisation in real-time against cyber threats like phishing, malware, newly registered domain names, and other malicious communication by utilising Shreshta DNS Firewall.Please email sales@shreshtait.com for a free 30-day trial.
Conclusion
Scams luring customers into quicker delivery of goods and services are on the rise. The threat actors mimic the genuine websites to phish the user for their personally Identifiable Information (PII) and bank details.
Indicators of Compromise
- https[:]//olaelectric.pro/index.html#
- http[:]//olaelectriccs.in/
- http[:]//www.olaelectriccs.in.dhaniloanservice.co.in/
- https[:]//olaelectricscootersbook.in/
- https[:]//olaelectricscootersbook.in/
