eBike Phishing Sites

The Singaporean security firm CloudSEK has recently identified a large-scale campaign, involving over 200 phishing and scam sites. The operators of these sites have tricked users to steal their personal information and put in malicious schemes that are impersonating honest brands.

This attack relies upon the misuse of Google Ads and SEO, as it will attract victims to enter into the fake websites that are targeting the Indian audience specifically.

Through this new malicious campaign, the threat actors have already looted more than $1,000,000 from tens of thousands of victims.

Scams Targeting the EV Industry in India

The prices of oil have increased immensely, and not only this but the looming climate has been creating a lot of troubles. Which has eventually forced the energy-intensive sector to give a thought regarding conventional modes, and to adopt a lot of revolutionary changes.

However, India is the fifth-largest automotive industry in the world, and therefore the cybercriminals are hunting different ways to attack India, with the motive to exploit the new ecosystem.

That’s why the attackers have started targetting India, and the security analysts of CloudSEK have identified a large-scale phishing campaign targeting potential EV distributors and users in India.

Phishing Campaign

The whole phishing campaign has some key points, that we have mentioned below:- 

  • The threat actors initially implement their attack, by registering fake domains that correspond to legitimate domains of EV manufacturers and marketplaces.
  • Once they are done with the above step, later they generate Google Ads for the fake domains and exploit SEO.
  • Now, whenever the user clicks on the ads that are being generated by the attackers is referred to the phishing domains where their data and money gets accumulated in the form of reservation/booking fees for a vehicle or a security assurance to become an e-bike dealer.

Modus Operandi

There are three factors, and they are:-

Building the Phishing Domain

  • The threat actors initially register the domain names that contain legitimate e-bike manufacturers like Ather, Revolt, etc.
  • The threat actors register a large number of domains and not only this but they keep some of them to use in the future.
  • The operators copy the content, style, layout, and images of legitimate websites, to use credible domain names.

The Phishing Lure

  • The fake websites and domains are offered to users through Google Ads and as keyword search results.
  • The threat actor provides keyword and leverage SEO to confirm that the domains are top results, and is applicable for users who are searching for a specific brand for some queries.


After getting into the phishing site the malicious site request the users to give all their personal data like:-

  • Name
  • Contact number
  • Email address
  • Physical address

After giving all their data, the users were being asked to pay the fee required to:-

  • Become a registered dealer.
  • Book an e-bike they want to purchase.

Recommendations and Mitigations

The recommendations and mitigations offered by the security experts are:-

Recommendations for the Consumers:

  • Do not click on unknown website links that show up on search results.
  • Do not share personal data, or pay booking fees, without confirming the credibility of a website.
  • Do not share OTPs or passwords if you have already shared your PII or banking details.

Mitigation Measures for the EV Businesses:

  • Try to identify and discontinue the phishing websites that have been spoofing your business.
  • Report the phishing campaigns to the Cyber Crime Cell, with all the details.
  • Conduct awareness campaigns to apprise users/customers regarding this kind of attack.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.