As the festival season sweeps across India and global online retailers launch blockbuster sales, a less cheerful trend is quietly gaining momentum: a surge in sophisticated online scams. From festive bargains that seem too good to be true to increasingly convincing phishing emails, cybercriminals are exploiting the shopping rush—and the latest technology—to target consumers worldwide.
According to the India Cyber Threat Report 2025 released by Seqrite Labs on October 7, 2025, cybercriminals are now deploying artificial intelligence-powered tools to craft highly personalized and contextual attacks, especially during Diwali’s frenetic shopping season. The report warns that as millions of Indians flock online to buy gifts, electronics, and clothes, scammers are upping their game, making their cons harder to spot and more devastating when they succeed.
Quick Heal Technologies Limited, a leading cybersecurity firm, has identified five dominant cyber scam patterns preying on festival shoppers. First on the list: counterfeit travel and booking portals. These scams involve cloned websites that mimic the look and feel of official IRCTC and airline booking platforms, often promoted through phishing emails, Google ads, and WhatsApp forwards. Victims enter their personal and payment details, only to have their money siphoned off—sometimes with additional malware installed for future theft.
Malicious e-commerce and shopping scams are also on the rise. Cybercriminals set up fake e-commerce sites with irresistible “lightning deals” and festival discounts. The catch? These deals are simply bait to harvest personal data. CloudSEK research, cited by Quick Heal, found 828 distinct phishing domains in the Facebook Ads Library, many targeting festive shoppers through typosquatting—registering web addresses that look almost like the real thing but aren’t.
Event and entertainment fraud is another growing threat. With the excitement around Diwali’s pandal visits, dandiya nights, and garba events, criminals have created counterfeit ticketing sites and fraudulent UPI payment requests. According to Quick Heal, these scams redirect users to phishing pages designed to drain bank accounts in an instant.
QR code and UPI payment traps are now a staple of the scammer’s toolkit. A simple scan can send users to malicious sites that look eerily legitimate, harvesting credentials before the victim even realizes what’s happened. These attacks have grown more complex, often involving redirection schemes that mask the scam’s true nature until it’s too late.
Perhaps most alarming is the rise of AI-enhanced social engineering. Cybercriminals are leveraging artificial intelligence to create phishing campaigns that reference shoppers’ actual browsing patterns, purchase histories, and even social media activity. As Quick Heal notes, these attacks are far more convincing than the crude scams of years past—and much harder to detect.
“A few habits like verifying websites before you pay, turning on multifactor authentication, checking bank statements, and reporting anything fishy dramatically reduce risk. We’re doing our part behind the scenes; we invite consumers to do theirs in front of the screen,” said Rakesh Bakshi, Vice President – Legal, Amazon India, in a statement shared on October 7, 2025. Amazon India, in partnership with the Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs, has launched educational campaigns and a Protect & Connect microsite to help shoppers recognize and avoid scams.
Amazon’s nine safety tips echo much of the expert advice: always verify website authenticity by checking URLs and looking for https, avoid clicking on suspicious links, and use secure payment methods. The company also urges consumers to steer clear of public Wi-Fi for payments, verify sellers and reviews, and never share one-time passwords (OTPs) or payment details over unsolicited calls or emails.
Scottish shoppers, too, have been put on high alert. During Amazon’s Prime Big Deal Days promotion on October 7 and 8, 2025, Advice Direct Scotland warned customers about a spike in online scams. Criminals are impersonating Amazon in emails, texts, and calls, claiming account issues such as temporary holds or cancelled orders. These messages typically urge recipients to click a link to “verify their account” within a tight deadline—classic pressure tactics designed to override caution.
Rebecca Fagan, project lead at Advice Direct Scotland, explained, “Scammers are changing their tactics all the time, and AI is playing a big role. AI can make emails and images look more convincing, which makes spotting scams harder. Always stay alert and think twice before clicking on emails or ads. If you have any doubts, check with the original source before sharing personal information.”
One particularly dangerous trend is the use of AI platforms like ChatGPT to generate phishing messages that are free of the spelling and grammar errors that once betrayed scam attempts. AI image generators are also being used to create fake celebrity endorsements, lending a veneer of authenticity to fraudulent offers.
The problem is far from local. The Global State of Scams 2025 Report, released by the Global Anti-Scam Alliance (GASA) and Feedzai, paints a sobering picture. In the past year, 57 percent of adults worldwide experienced a scam, and 23 percent lost money. Shopping scams were the most common, affecting 54 percent of victims, followed closely by investment and unexpected money scams at 48 percent each. Regions like South America, Africa, and Oceania saw the highest scam rates, with up to one in four adults losing money in just 12 months.
The emotional toll is significant. According to GASA, 69 percent of scam victims reported major stress, 17 percent lost confidence, and 14 percent experienced increased family tension. Yet many incidents go unreported, often because victims are unsure where to turn for help.
Despite 93 percent of adults globally claiming to take at least one step to verify offers—such as checking for spelling errors, reading reviews, or ensuring the company is on social media—these methods are proving less effective against today’s AI-powered scams. Jorij Abraham, Managing Director of GASA, observed, “We have a huge challenge, 73 percent of people worldwide feel confident they can recognize scams, however, nearly a quarter still lost money in the past year. Scams are not only draining finances but also eroding trust and creating significant stress within families.”
So, what can shoppers do to protect themselves? Experts recommend a multi-pronged approach: verify URLs carefully, avoid clicking on unsolicited links, use secure payment methods (credit cards often offer better protection than debit cards), and never enter sensitive information after following a link in an email or message. Be wary of deals that seem too good to be true—an iPhone for a fraction of its price is a red flag. Above all, take your time; scammers thrive on creating a false sense of urgency.
If you suspect you’ve fallen victim to a scam, act fast. Contact your bank to block cards and dispute transactions, report the incident to national cybercrime portals (such as cybercrime.gov.in in India), and change any compromised passwords immediately. In Scotland, Advice Direct Scotland encourages reporting via its ScamWatch tool at www.scamwatch.scot.
As digital shopping becomes ever more convenient—and scams ever more sophisticated—the best defense remains vigilance. With a blend of technological safeguards and a healthy dose of skepticism, consumers can enjoy the season’s festivities and bargains without falling prey to cybercriminals.
