Many Indians think that the year's most significant discounts and offers end with Diwali. With online shopping, it no longer holds true. Most online e-commerce portals align their marketing with global practices so festive and holiday discounts remain active until the first week of January. Remember, scammers and fraudsters are also big shoppers during the festival offers and are quick to discover which product or website can be exploited to lure and dupe people with some social engineering tricks and mind games.
A report from the national crime records bureau (NCRB) says, in 2022, nearly 65% or 42,710 out of 65,893 cybercrime cases of fraud were registered. Extortion cases came next and accounted for 3,648 incidents or 5.5% of crimes; sexual exploitation was third and accounted for 5.2% of the total at 3,434 incidents. Duping or cheating in online shopping scams falls under cases registered with the motive to defraud.
An avalanche of new tools weaponised by artificial intelligence (AI), machine learning (ML), and deepfakes are allowing cybercriminals to score big successes by helping them to create hard-to-ignore hooks to lure buyers. The US federal bureau of investigation (FBI) says that scammers are the boldest and most creative during the festive or holiday season. FBI's crime report for 2022
shows that, during the 2021 holiday season, non-delivery and non-payment scams cost consumers US$337mn (million).
Security services-provider Avast has warned buyers getting ready for the 2023 festive season, to be aware and careful about some common online scams. They include phishing emails, fake shopping sites, fake charities, fake profiles on social media, online dating scams, malicious download links, gift card frauds, social media scams, fake deals and coupons.
Although not new, phishing is an attack that attempts to steal your money or your identity by getting you to reveal personal information—such as credit card numbers, bank information, or passwords—on websites or apps pretending to be authentic or legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message which contains a link to an authentic-looking phishing website or download (fake) app.
Top or reputed e-commerce websites offer discounted prices throughout the year. However, during the festive season, these portals offer special (read: more) discounts or provide equated monthly instalments (EMIs) for high-value products with help from credit card issuers or banks and non-banking finance companies (NBFCs).
Scamsters exploit these ideas and, with help from new tools, create genuine-looking portals or webpages offering bumper discounts, sometimes as high as 90%. They also propagate or promote these offers online, mainly through social media. No wonder, instead of shopping with reputed e-commerce portals or apps, the unsuspecting customer gets lured with the bumper discount and loses.
Talking about donations to fake charities, Avast says criminals often take advantage of people's generosity during the holidays by creating fake charities and soliciting donations from unsuspecting victims. Before donating, make sure that you verify the organisation's credentials. However, never share your bank or credit card credentials with the organisation, it added.
Cybercriminals also use fake profiles on social media, especially on Facebook and Instagram, to sell items at big discounts or lure unsuspecting people into sharing personal information or siphon their money. Many scamsters use fake copies of original products. For example, a Rolex watch or a Gucci bag. If the actual product costs Rs1 lakh, then fraudsters offer it (genuine looking fake copy) for as low as Rs5,000 to Rs10,000. After selling these counterfeit items for a few days, the scamsters delete their profile or page and emerge with a new profile elsewhere.
While online dating scams are more visible overseas, we have matrimonial scams in India. In both places, fraudsters create fake profiles to gain access to people's personal information or even money through fraudulent promises of love and companionship. While both online dating and matrimonial scams require time and patience from the scamsters, more and more people continue to become victims.
When it comes to downloading any file, including a harmless-looking photo or image, security experts always ask people to be cautious. The reason is you would never know what the good-looking image would be carrying. It could be a malicious code that may steal your personal information and data or even lock your device and demand ransom.
Remember Pegasus? Pegasus is generally capable of reading text messages, call snooping, collecting passwords, location tracking, accessing the target device's microphone and camera and harvesting information from apps. This spy software was installed on mobile devices of people by sending them SMS, a link (that would download and install the spyware) or a message on WhatsApp.
Gift card fraud occurs when someone purchases gift cards with stolen credentials to resell them at a discounted price online or in person. Another example of gift card fraud is when a scammer convinces you to buy a gift card and then shares the information on how to use it with them, allowing them to steal your money. Never purchase pre-loaded cards from third-party sellers and never buy a gift card for someone you have met online, Avast says.
How Not To Become a Victim?
Always remember, cybercriminals are miles ahead of you and even the law enforcement agencies when it comes to using new tools and technology. With so many threats lurking online, it is most important to remain alert and double-check every piece of information before placing an order online, irrespective of whether it is a festive offer.
1. First, check and verify the source that sent you the communication. Then, do thorough research about the product or service before making a purchase.
2. Never share personal information with anyone via email, social media, or phone.
3. Never click on the link in the communication or download anything by opening the link. Opening such links often leads to phishing sites or downloading malware on your mobile device or computer system.
4. Remember, fraudsters can easily set up fake profiles on social media to lure people and wipe it out clean if they are caught. So, never believe in the huge discounts anyone offers on social media.
5. Never share sensitive personal information like identification details (Aadhaar, PAN card, driving licence), bank account and credit card details, passwords and one-time passcodes (OTPs) in response to unsolicited offers.
6. Use a good quality anti-virus (several free apps provide good protection) for protection from viruses, malware, ransomware and remote access.
By staying vigilant and following these suggestions, you can reduce the risk of falling victim to rampant festive season scams online.
Stay Alert, Stay Safe.
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in
or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.