As the Diwali festivities illuminate homes, a shadowy threat looms online. Cyber researchers at CloudSEK have uncovered a surge in deceptive online scams preying on the festive spirit, particularly targeting Diwali shoppers on popular platforms like Flipkart and Amazon.
CloudSEK’s cyber intelligence team has exposed a series of phishing campaigns aimed at disrupting the recharge and e-commerce sectors. These malicious actors are tarnishing the reputations of prominent brands, employing tactics such as crypto redirects and betting schemes to intensify their activities during the festive season.
Recently, CloudSEK identified a staggering 828 suspicious domains from the Facebook Ads Library, all linked to phishing activities attempting to deceive individuals into divulging their personal information. Rishika Desai, Head of Cyber Intelligence at CloudSEK, shed light on the surge of fake shopping websites during this year’s Diwali season. She warns that these scams extend beyond mere disruption of online shopping experiences and can escalate into full-fledged financial fraud, with hackers even posing as customer service representatives to deceive unsuspecting shoppers.
The significance of early detection of these tactics cannot be overstated, especially during the Diwali season when cybercriminals capitalize on the festive mood, exploiting potential lapses in vigilance among celebrants.
The cybercriminals have employed various tricks, including the creation of new websites with ‘Diwali’ in their names to mimic well-known Indian e-commerce platforms. Employing tactics like typosquatting, these scammers craftily manipulate website addresses to resemble legitimate sites, often employing variations such as turning ‘shop.com’ into ‘shoop.xyz’—an identical appearance with the sole intent of deceiving users.
While CloudSEK took swift action by reporting these fake sites to the authorities, a notable revelation emerged: many of these fraudulent sites had an active admin panel. Even after being taken down, an error message on the backend indicated potential ongoing nefarious activities.
Beyond these strategies, a betting game is afoot, with websites using keywords like ‘Diwali’ and ‘Pooja’ redirecting to Chinese betting pages hosted in Hong Kong. This underscores cybercriminals’ opportunistic approach, leveraging the festive season to entice unsuspecting users with fake gambling sites.
Adding another layer to the scheme, cryptocurrency scams surfaced on social media platforms. Users were lured into registering on dubious crypto websites with promises of Diwali freebies. These scams often dangle tempting offers like free life insurance and special coins to entice users into signing up for questionable crypto platforms.
Rishika Desai cautions, “There can be multiple instances similar to this found online, where users are leveraging Diwali freebies to get maximum registrations to such questionable crypto platforms.”
Diwali shoppers are urged to remain vigilant, as cyber tricksters are operating at full tilt. A little extra caution can go a long way in safeguarding festivities from online scams. Reporting any suspicious activity is crucial to ensuring a safe and joyful Diwali celebration for all.