Fraud Alert: Big Online Sale? Cybercriminals Are Also Shopping for Victims
Amazon and Flipkart are kicking off their annual festive sales this weekend. Millions of shoppers across India are already comparing prices, building wish lists and waiting to pounce on the best deals the moment the clock strikes sale o'clock.
Cybercriminals are waiting too.
Every major online sale has a shadow running alongside it. While genuine platforms are busy stacking discounts on smartphones, electronics, fashion, and appliances, fraudsters are quietly setting up their own operations — fake websites, phishing traps and payment scams aimed squarely at bargain hunters in a hurry.
The golden rule has not (yet) changed: if an offer looks too good to be true, it almost certainly is.
The Fake Deal Trap
Fraudsters understand how shoppers think during a sale. What we see during the sale are flash deals that last only a few minutes and limited-stock warnings which create panic. The fear of missing out pushes customers to act before they think. That is exactly the window criminals are counting on.
So, when a message arrives on WhatsApp, Telegram, SMS, email or Instagram claiming ‘Amazon Mega Sale Early Access’ or ‘90% off on iPhone’ or ‘Congratulations! You've won a ₹5,000 cashback’ — the instinct is to tap it immediately.
Most of these messages carry a malicious link. One click and you are on a fake shopping page that can look almost indistinguishable from the real thing. It will ask you to log in, enter your card details, or complete a small ‘verification payment’. The moment you do, everything you have entered goes straight to whoever built that page — and it is definitely neither Amazon nor Flipkart, for example.
Fake Websites Are Getting Harder To Spot
The era of scam websites riddled with typos and broken layouts is largely over. Today, criminals can clone a genuine e-commerce site in minutes — same logo, same colours, same promotional banners, even copied customer reviews. The giveaway is usually the web address, but you have to look carefully. Instead of the real domain, the fake one might have an extra word, a number thrown in, or a letter swapped out — amazon-indiasale.com instead of amazon.in or flipkartbigsale.cn instead of flipkart.com, for instance. At a glance, especially on a mobile screen, most people won't catch it.
This is why the safest habit is to type the website address yourself or go directly through the official app (downloaded from the official Google Play Store or iPhone App Store)— never through a link that arrived in a message.
The Fake Customer Care Trap
This one catches a surprising number of people. During shopping festivals, someone with a delivery problem or a refund issue will often just Google ‘Amazon customer care number’ or ‘Flipkart helpline’.
What they don't realise is that fraudsters deliberately plant fake numbers in search results and online directories.
When you call, the person on the other end sounds perfectly professional. They will ask you to install a remote access app or share a one-time passcode (OTP) to ‘process your refund’. Within minutes, your bank account will be empty. Real customer care executives — at any genuine company — will never ask for your personal identification number (PIN), card verification value (CVV), password or OTP.
Never ever share these with anyone. If someone on a helpline asks for PIN, CVV or OTP, disconnect the call (and block the number).
Fake Payment Pages
Another variation worth knowing about: counterfeit payment gateways. After browsing a fake shopping site and selecting products, you get redirected to what looks like a standard payment page. It captures your card number, expiry date and CVV in full. Sometimes, the page asks for a tiny ‘verification charge’ of ₹10 or ₹20 — the small amount is just a decoy to get your payment details on record. The real theft comes later.
The Free Membership Trick
Free Amazon Prime. Free Flipkart Black access. An exclusive shopping pass only for you! These offers circulate heavily around the sale season. Some ask for a nominal registration fee, small enough not to raise an alarm. Others ask for your login credentials to ‘activate’ the offer.
Unfortunately, there is no offer. There is no membership either. There are only some cybercriminals waiting to use whatever information you hand over.
Social Media Ads Can Mislead Too
Not every sponsored advertisement on Instagram or Facebook leads to a legitimate store. Fraudsters buy ad space just like real businesses do. The ad looks polished; the discount looks incredible; and the checkout process looks real — but the product never arrives and your payment details are now with someone who should never have them.
Before paying on any unfamiliar site you reached through an ad, spend 30 seconds verifying that the seller is genuine.
A Few Simple Checks before You Buy
Before acting on any deal, run through these quickly:
1. Did this link come from the official app or website, or did it arrive in a message?
2. Does the web address look exactly right — or is something slightly off?
3. Is someone creating pressure to buy or click right now?
4. Is anything asking me to share an OTP, card details or a password outside the normal checkout page?
If anything feels even slightly off, stop. Close the tab. Go directly to the official app or type the address into your browser from scratch.
Also switch on multi-factor authentication (MFA) for your shopping account, use strong passwords and keep your bank's transaction alerts active so you know the moment anything moves.
Shop Smart, Not in a Hurry
Big sales are genuinely great for consumers. But the same excitement, urgency and trust that make a sale work for you are what cybercriminals are counting on to make it work for them.
A few extra seconds spent checking a link or confirming a URL is a small price for not spending the next several weeks trying to recover a drained bank account or a stolen identity.
This weekend, while you are hunting for the best price on that phone or that jacket, remember: the fraudsters aren't hunting for deals. They are hunting for you!
Stay Alert, Stay Safe!
