If you have been looking for a special Diwali deal on your favourite e-commerce platform and have been looking all over the internet for a discount coupon on code, then beware. Scammers have now found a new way to swindle people out of their money — by going after susceptible people when they are shopping online, looking for special deals on Diwali.
CloudSEK’s cybersecurity researchers have detected a significant uptick in deceptive online scams exploiting the festive spirit, with Diwali shoppers on popular platforms such as Flipkart and Amazon bearing the brunt.
The investigation reveals a series of phishing campaigns orchestrated by malicious actors aiming to disrupt the recharge and e-commerce sectors. These unscrupulous individuals tarnish the reputations of prominent brands by employing tactics like crypto redirects and betting schemes, intensifying their efforts during the festive season.
CloudSEK’s recent findings exposed a staggering 828 suspicious domains in the Facebook Ads Library last week. These domains were dedicated to phishing, employing tactics to deceive individuals into divulging sensitive information.
Rishika Desai, the head of cyber intelligence at CloudSEK, disclosed the surge in fraudulent shopping websites, cautioning that these scams extend beyond compromising online shopping experiences and could escalate into full-fledged financial fraud. She also highlighted the risk of hackers posing as customer service representatives to dupe unsuspecting shoppers.
The significance of early detection becomes apparent as cybercriminals exploit the festive mood, capitalizing on the likelihood that individuals may lower their guard. CloudSEK’s efforts to report these fraudulent sites to authorities proved crucial, but a surprising revelation emerged – many of these deceitful platforms possessed an admin panel. Although taken down, the presence of an error message on the backend hinted at potential ongoing malicious activities.
The deceptive tactics employed by scammers during the Diwali shopping frenzy include the creation of fake websites with ‘Diwali’ in their name, mimicking renowned Indian e-commerce platforms. Using methods like typosquatting, they transformed legitimate-sounding URLs, such as ‘shop.com,’ into deceptive counterparts like ‘shoop.xyz,’ maintaining the same appearance and content to deceive users.
In addition to this, a clandestine betting game unfolded, as websites incorporating keywords like ‘Diwali’ and ‘Pooja’ were identified as hosting in Hong Kong and redirecting to Chinese betting pages. Cybercriminals seized the opportune moment of Diwali to entice unsuspecting users with fake gambling sites.
Further complicating matters, cryptocurrency scams emerged on social media platforms, where users were enticed to register on dubious crypto websites with promises of Diwali freebies. Leveraging enticing offers such as free life insurance and special coins, scammers successfully lured users into signing up for questionable crypto platforms.
Rishika Desai issues a stark warning, stating, “Instances similar to this can be found online, where users are leveraging Diwali freebies to maximize registrations on such dubious crypto platforms.” As the festive season unfolds, vigilance becomes paramount to thwart these evolving online threats and safeguard users from falling victim to malicious schemes.