Cybersecurity company Quick Heal has issued a warning about a rise in sophisticated cyber scams targeting festival shoppers. Researchers at Seqrite Labs, part of Quick Heal, report that fraudsters are now using artificial intelligence to craft highly personalised attacks.
During Diwali, e-commerce sales crossed ₹90,000 crore in 2024, while IRCTC handled over 13 lakh bookings daily. This surge in online transactions creates a “perfect storm” for cybercriminals. Quick Heal says scammers send fake messages to exploit shoppers’ excitement, tricking them into clicking malicious links.
Sneha Katkar, Head of Product Strategy at Quick Heal, said AI makes it easier for fraudsters to produce customised communication. “Festive inboxes overflow with tempting deals, yet some messages are Trojan firecrackers. Cybercriminals weaponise holiday FOMO with countdowns or fake threats of account suspension,” she explained.
Quick Heal has identified five main types of scams during festival seasons:
- Fake Travel and Booking Portals – Cybercriminals clone IRCTC and airline websites. Phishing emails, Google ads, and WhatsApp forwards collect payment details. Some scams inject malware to steal future transactions.
- Malicious E-Commerce Sites – Fraudsters create fake shopping websites advertising festival deals. Many use typosquatting to harvest personal information. Quick Heal found over 800 domains targeting shoppers in 2024.
- Event and Entertainment Fraud – Fraudsters target ticket bookings for dandiya, garba, and other events. Fake UPI requests redirect users to phishing pages.
- QR Code and UPI Payment Traps – Malicious QR codes redirect people to credential-harvesting sites disguised as legitimate platforms. Quick Heal advises verifying all payment links before scanning.
- AI-Enhanced Social Engineering – Fraudsters personalise scams using shopping history, search patterns, and social media activity. Data from previous breaches, including Aadhaar and passport leaks, increases scam credibility.
Researchers at Quick Heal also highlighted “digital arrest” scams, where attackers impersonate authorities via calls, emails, or video, using personal details to accuse victims of crimes.
Quick Heal recommends updating devices, avoiding unsolicited links, verifying UPI payment beneficiaries, and reporting suspicious activity on cybercrime.gov.in. Its AntiFraud.AI solution offers real-time phishing detection, scam-call alerts, and dark-web monitoring.
As AI-powered cybercrime rises during festivals, Quick Heal stresses that both technological solutions and user awareness are critical. Shoppers should remain vigilant to protect their data and funds this Diwali.
Also read: Safety First: Jio’s Commitment to Family Protection
Subscribe Deshwale on YouTube
