Raksha Bandhan Sees Spike In Cyber Scams — Here’s How To Stay Safe

As India prepares to celebrate Raksha Bandhan, the uniquely Indian festival that celebrates the bond between siblings, cybersecurity vendor CloudSEK reports that cybercriminals are exploiting the festival with sophisticated scams. From fake e-commerce sites to emotionally manipulative phishing campaigns, fraudsters are using the festival to steal money and personal data, according to a report released by the vendor.

CloudSEK’s threat intelligence team claimed they had identified a range of tactics used by cybercriminals to exploit the surge in online shopping and gift exchanges during Raksha Bandhan. Key findings of their report include:

• Phishing Messages On The Rise: Fraudsters are flooding inboxes, WhatsApp, and SMS with messages promising “Rakhi gift deliveries” or “exclusive sale coupons.” These often contain malicious links that install malware or steal payment details. Scammers posing as courier services or personnel from India Post are tricking users into paying “re-delivery fees” for fake parcels by clicking links that demand small payments to “update addresses.”

• Deceptive E-Commerce Websites: Bogus online stores mimic leading online shopping platforms to redirect users to phishing pages hosted on obscure domains. These sites advertise 'rakhis', sweets, and gifts at impossibly low prices, only to siphon off payment details when users enter their card information.

• Social Media Fraud: Scammers are also leveraging platforms like Instagram and Facebook to promote fake deals, such as an iPhone 16 Pro for ₹599 under “Raksha Bandhan specials.” One fraudulent ad, hosted on https://rakshabandhanoffer.in.net/RakhiOff/, mimics legitimate e-commerce platforms to harvest banking details.

• UPI and Gift Card Scams: Fraudsters send fake UPI “collect” requests or QR codes disguised as 'rakhi' gift claims. A malicious campaign falsely offered Rs 5,000 gift cards under the Prime Minister’s Mudra Yojana, redirecting victims to phishing sites that trigger UPI payments to scammers. CloudSEK’s investigation traced one such scam to a UPI ID (34161FA82032AA2D24E6B40@mairtel*) linked to a business named “udayrajkiranastore” and a suspected threat actor, Shyam Saini, identified via a Facebook profile.

• Emotional Manipulation: Scammers exploit familial bonds by posing as siblings or relatives in distress, urging victims to pay via UPI or bank transfers for fake “customs fees” or “urgent delivery charges” related to 'rakhi' gifts.

• Fake Customer Support: Imposters posing as support teams from leading online shopping platforms or couriers trick users into sharing screens or OTPs, attempting to capture sensitive financial information. 

According to CloudSEK, multilingual phishing campaigns in Hindi, Telugu, and Tamil are broadening the reach of such cybercriminals, targeting diverse regions and amplifying their impact.

To safeguard against these threats, security experts recommend:

• Shop Securely: Purchase from trusted platforms and verify URLs for “https://” and padlock icons. Avoid deals that seem too good to be true.

• Scrutinise Links: Use link-expander tools to check the true destination of shortened URLs in messages.

• Protect Payments: Use secure payment methods like credit cards with buyer protection and never share OTPs or PINs.

• Track Safely: Monitor 'rakhi' parcels only through official courier websites or apps, avoiding links from unsolicited messages.

• Educate Seniors: Teach elderly family members to recognise scam red flags, such as urgent payment demands or emotional pleas.

• Report Immediately: If scammed, contact your bank and file a complaint at India’s National Cybercrime Reporting Portal (cybercrime.gov.in) or helpline (1930).