🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read More
Amidst the 2024 Diwali celebrations, CloudSEK's Threat Research team has identified a surge in online scams and phishing attacks targeting Indian consumers. Scammers are leveraging the festive season’s online shopping boom to create fake e-commerce sites, job offers, and firecracker sales scams, impersonating well-known brands to deceive users. Victims are often lured with deep discounts and fake promotions, resulting in financial losses, identity theft, and privacy breaches. The report emphasizes vigilance and provides recommendations to avoid direct bank transfers, verify website authenticity, and share safety tips with loved ones to prevent further scams.
Protect your organization from external threats like data leaks, brand threats, dark web originated threats and more. Schedule a demo today!
Schedule a DemoFestive season is a business making opportunity for both good and bad. During the 2024 Diwali celebration, CloudSEK’s Threat Research team has observed a rise in online scams and phishing attacks targeting Indian consumers. Scammers are exploiting the festive season’s surge in online shopping and the public’s enthusiasm for discounts to trick users into revealing personal information and making payments on fake platforms. These scams include fake e-commerce sites, fraudulent job offers, firecracker sales scams, and pages impersonating well-known brands. Such scams pose significant financial and data privacy risks to unsuspecting users.
This report tries to classify and raise awareness about the type of scams in the market during festivities.
CloudSEK's Threat Research team has been actively monitoring online scams that are on the rise during the festive season and has noted down the top trending scams targeting Indian citizens during Diwali.
During Diwali, e-commerce scams become increasingly common as scammers take advantage of the high volume of online shopping and the festive season's attractive discounts. These scams often involve fake websites or social media ads impersonating well-known e-commerce brands and promoting “too-good-to-be-true” deals on popular items, like electronics, home appliances, and festival essentials.
Victims not only lose money but also risk exposing their personal information, which can be misused for further scams, identity theft, or unauthorized access to financial accounts.
In addition to e-commerce scams, job scams are increasingly targeting individuals during the festive season. Scammers exploit job seekers’ desire for stability by impersonating trusted entities like government service centers, using deception to gather personal data.
During the Diwali season, scammers have launched multiple fake websites advertising discounted firecrackers, capitalizing on the festive demand. These websites claim to offer over 50% off on firecrackers as part of a Diwali sale, luring users with seemingly attractive deals.
Victims of these scams lose money with no chance of receiving their purchases. Additionally, they risk exposing personal information, potentially leading to further scams, identity theft, or unauthorized financial transactions.
Fake Firecracker scam pages advertising diwali offer on crackers
Payment details on a fake firecracker scam websites asking user to send money through QR or direct bank deposits
AD to Brag scams
We have also seen recently registered fake websites impersonating major Indian e-commerce companies. One such deceptive site, called "AD to Brag," claims to allow users to "brag" about products they've purchased during the Diwali sale by sharing with friends. By mimicking the legitimate brand, this scam leverages a social sharing concept to entice users into providing sensitive information.
Modus Operandi:
Victims risk exposing both their own and their friends' personal contact information. This data can be misused for further scams, including phishing attacks and privacy invasions, as scammers may leverage these numbers to conduct targeted campaigns or sell them to other malicious actors.
We have also noticed fake pages impersonating popular mobile brand in India, collecting phone numbers and IMEI numbers, poses significant risks:
Table: Recently Registered Fake Site impersonating a major mobile brand
In addition to the Diwali-related scams highlighted above, several other scams are actively targeting users across various platforms. These scams are not specific to the festival season but continue to trend due to their widespread impact. They include:
These scams collectively contribute to a high risk environment for users, underscoring the need for heightened vigilance.
CloudSEK’s latest research uncovers a troubling trend involving scammers using deepfake technology to promote fraudulent mobile applications. High-profile individuals, such as Virat Kohli, Anant Ambani, and even international figures like Cristiano Ronaldo and Ryan Reynolds, have been targeted through deepfake videos. These manipulated clips showcase them endorsing a mobile gaming app, luring unsuspecting users into scams. The fraudulent ads leverage the credibility of renowned news channels to enhance their legitimacy, fooling users into downloading harmful applications from fake domains resembling Google Play or Apple App Store. This emerging threat is particularly aimed at the Indian market but extends to other regions like Nigeria, Pakistan, and Southeast Asia. The deceptive gaming apps, designed to siphon money from users, require a minimum deposit, promising quick earnings but leading to significant financial losses. These scams exploit deepfake videos in creative ways to bypass detection, making them even more dangerous. To combat this growing threat, CloudSEK’s Deep Fake Analyzer offers a free solution for the cybersecurity community, helping professionals detect and mitigate the risks posed by manipulated videos, images, and audio. This tool is crucial in safeguarding organizations from deepfake-related scams and fraud. To access the CloudSEK Deep Fake Analyzer, visit https://community.cloudsek.com/
FASTag Phishing Campaigns Flourish on Social Media
Take action now
CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.
Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.
Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.
Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.
Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.
9
min read
Amidst the 2024 Diwali celebrations, CloudSEK's Threat Research team has identified a surge in online scams and phishing attacks targeting Indian consumers. Scammers are leveraging the festive season’s online shopping boom to create fake e-commerce sites, job offers, and firecracker sales scams, impersonating well-known brands to deceive users. Victims are often lured with deep discounts and fake promotions, resulting in financial losses, identity theft, and privacy breaches. The report emphasizes vigilance and provides recommendations to avoid direct bank transfers, verify website authenticity, and share safety tips with loved ones to prevent further scams.
Festive season is a business making opportunity for both good and bad. During the 2024 Diwali celebration, CloudSEK’s Threat Research team has observed a rise in online scams and phishing attacks targeting Indian consumers. Scammers are exploiting the festive season’s surge in online shopping and the public’s enthusiasm for discounts to trick users into revealing personal information and making payments on fake platforms. These scams include fake e-commerce sites, fraudulent job offers, firecracker sales scams, and pages impersonating well-known brands. Such scams pose significant financial and data privacy risks to unsuspecting users.
This report tries to classify and raise awareness about the type of scams in the market during festivities.
CloudSEK's Threat Research team has been actively monitoring online scams that are on the rise during the festive season and has noted down the top trending scams targeting Indian citizens during Diwali.
During Diwali, e-commerce scams become increasingly common as scammers take advantage of the high volume of online shopping and the festive season's attractive discounts. These scams often involve fake websites or social media ads impersonating well-known e-commerce brands and promoting “too-good-to-be-true” deals on popular items, like electronics, home appliances, and festival essentials.
Victims not only lose money but also risk exposing their personal information, which can be misused for further scams, identity theft, or unauthorized access to financial accounts.
In addition to e-commerce scams, job scams are increasingly targeting individuals during the festive season. Scammers exploit job seekers’ desire for stability by impersonating trusted entities like government service centers, using deception to gather personal data.
During the Diwali season, scammers have launched multiple fake websites advertising discounted firecrackers, capitalizing on the festive demand. These websites claim to offer over 50% off on firecrackers as part of a Diwali sale, luring users with seemingly attractive deals.
Victims of these scams lose money with no chance of receiving their purchases. Additionally, they risk exposing personal information, potentially leading to further scams, identity theft, or unauthorized financial transactions.
Fake Firecracker scam pages advertising diwali offer on crackers
Payment details on a fake firecracker scam websites asking user to send money through QR or direct bank deposits
AD to Brag scams
We have also seen recently registered fake websites impersonating major Indian e-commerce companies. One such deceptive site, called "AD to Brag," claims to allow users to "brag" about products they've purchased during the Diwali sale by sharing with friends. By mimicking the legitimate brand, this scam leverages a social sharing concept to entice users into providing sensitive information.
Modus Operandi:
Victims risk exposing both their own and their friends' personal contact information. This data can be misused for further scams, including phishing attacks and privacy invasions, as scammers may leverage these numbers to conduct targeted campaigns or sell them to other malicious actors.
We have also noticed fake pages impersonating popular mobile brand in India, collecting phone numbers and IMEI numbers, poses significant risks:
Table: Recently Registered Fake Site impersonating a major mobile brand
In addition to the Diwali-related scams highlighted above, several other scams are actively targeting users across various platforms. These scams are not specific to the festival season but continue to trend due to their widespread impact. They include:
These scams collectively contribute to a high risk environment for users, underscoring the need for heightened vigilance.