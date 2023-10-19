As Indians, we've witnessed a sea change in our shopping habits during the festive season – from traditional brick-and-mortar stores to the convenience of ecommerce and online payments. Ecommerce in India is no longer about buying just the essentials – it's also about purchasing gift cards and even high-value items such as electronics and jewelry during the festive season. Unfortunately, this convenience may come at a cost.

Cybercriminals are all too aware of people’s tendency to splurge during the festive season, and take advantage of it. While there's a common perception that the elderly are more vulnerable to digital fraud, data shows that people between the ages of 22 and 50 account for 60% of all cyber fraud victims during the festive season. This is particularly concerning as nearly half of India’s population falls under this age bracket.

The scale of these scams is another cause for concern. A 2022 study by Norton LifeLock found that 62% of Indians have faced online shopping scams during the festive season. This can result in millions of defrauded dollars, given India’s e-commerce industry processed billions of dollars' worth of festive shopping volumes last year, a solid 36.8% growth over the previous year.

Understanding the basics of digital scams

Digital scams come in various forms and degrees of complexity. While some are elaborate, many rely on simple social-engineering tricks to gain access to your digital payment credentials and deceive you. Here's a deeper look into the world of digital scams and how you can protect yourself:

1. Offers that seem too good to be true: A common tactic employed by scammers is to lure individuals with offers that seem too good to pass up. For example, you may come across deals that promise an iPhone 15 at a 50% discount. These offers often lead you to links, websites or apps designed to imitate legitimate platforms. They may encourage you to make a small registration payment, say ₹10 or ₹50. Since the amount is relatively small, you may assume there's little risk.

However, this is where the trap is set. The fraudulent link captures vital payment details such as the card number, expiration date, and CVV/CVC2 code. The next step involves attempting transactions on other websites and tricking you into providing the OTP.

In some cases, scammers employ pharming techniques to redirect you from legitimate websites to their fake counterparts. Pharming is online fraud that involves the use of malicious code to direct victims to spoofed websites in an attempt to steal their credentials and data. It is a two-step process that begins with an attacker installing malicious code on a victim's computer or server.

2. Beware of fake sweepstakes websites: Sweepstakes websites are another breeding ground for scams. These sites often declare you the winner of prizes such as phones, electronic gadgets or cash, even if you haven’t participated in any contest. To claim your prize, you'll be asked to share your payment credentials. This seemingly simple step can compromise your security.

To identify fake websites or malicious links, ensure that the website has a padlock icon next to the URL, indicating that it's secure. Check both certificates (SSL/TLS). Also, instead of clicking on links in unsolicited messages, perform your own search for the website. When in doubt, investigate the domain's age and registration details. If you're sceptical about a company or website, look for reviews. If you find the same reviews repeated across multiple sites, it could be a sign of fraudulent activity. Tools like Google's safe browsing status can also help you distinguish between legitimate and fake websites.

3. Fake KYC fulfillment and customer support scams: In these scams, fraudsters send SMS messages in bulk or contact you via phone calls or WhatsApp messages, claiming that your wallet or bank account will be frozen if you don't complete your KYC (Know Your Customer) process. To resolve the issue, you may be asked to install a remote-access app. However, this is where the scam unfolds. The remote access app, once downloaded and given permission, allows scammers to capture your card details and other payment credentials. They can even read OTPs sent to your mobile device while keeping you engaged in the conversation. To protect yourself, always verify such requests with the customer-care services available on legitimate wallet and bank websites.

4. UPI collect scams: A typical UPI collect scam involves individuals selling items online. A buyer agrees to buy an item at your asking price without negotiating. They send you a UPI collect request or a QR code, making it seem as though you are receiving payment. However, you are unknowingly sending funds to the scammer. To avoid falling victim to this scam, be cautious when receiving UPI payments. Verify that the payment is being credited to the account linked to your mobile number before entering your PIN.

The importance of staying alert

These scams represent just a fraction of the threats lurking in the digital world. Cybercriminals continue to adapt and refine their techniques, so it’s crucial to stay informed and vigilant. The festive season is a time of joy and celebration – don’t let a cybercrook ruin it by taking your eye off the ball.

Manish Deo is head of risk ops & money laundering at PayU.