The festive season, a peak period for consumption and gift-giving, also marks a crucial period for digital caution. The surge in shopping activity, driven by limited-time sales and attractive cashback offers across both online and offline channels, often encourages quick purchasing decisions. Unfortunately, this rush is precisely what scamsters rely on.
These malicious actors exploit consumers’ natural impulse to secure a deal that is often ‘too good to be true’ by leveraging sophisticated social engineering tactics. As digital scams evolve rapidly with technology, adopting a few mindful steps is essential to ensure users enjoy a safe and seamless festive experience.
To safeguard against these threats, the advisory from the National Payments Corporation of India (NPCI) emphasizes several critical security principles, all centered on proactive user vigilance. Firstly, consumers must be meticulous about the platforms they use. Fraudsters create highly convincing lookalike websites and links, particularly during major sale events, intending to steal personal and payment credentials. Users are strictly advised to manually type the web address or use official retailer applications.
The cardinal rule remains: avoid clicking on unsolicited links received through promotional emails, SMS, or forwarded messages. Furthermore, never download files or click links from unknown sources, as they may contain malicious software designed to compromise device security and gain unauthorized access.
Secondly, transactions must be completed entirely within the secure environment of the official shopping platform. A common scam tactic involves attempting to push users to pay on external UPI IDs or links outside the shopping app’s official checkout page, deliberately bypassing standard safety checks. Users must always complete transactions on the verified checkout page and confirm the seller’s legitimate details before authorizing any payment.
Thirdly, users should treat unsolicited offers for rewards or excessive cashback with extreme caution. Messages offering lucrative incentives or festival gifts frequently request sensitive data such as OTPs, account details, or even small upfront “fees” to process the reward. Genuine promotional offers do not require the sharing of sensitive financial information or upfront payments from the recipient. Consumers must pause and verify the source before engaging with any such suspicious communication.
The most vital defense against account takeover scams is protecting the One-Time Password (OTP). Users should treat unexpected OTP requests as immediate warnings. Fraudulent messages often claim that a payment has failed or an account is blocked, then request OTPs under the pretext of “fixing” the problem. It is paramount to remember that OTPs are designed only to confirm a transaction initiated by the user. Banks or payment applications will never ask for them over calls or messages. Finally, scammers frequently create artificial urgency by claiming an offer will expire soon or that an account will be blocked if immediate action is not taken. Genuine, reputable platforms do not employ fear or rush tactics.
To ensure a secure transaction experience, users should adopt the ‘Stop, Think, Act’ principle. By stopping at the point of unexpected requests, thinking and verifying the legitimacy of the information, and acting wisely by following established security protocols, users can effectively safeguard their transactions and protect sensitive information throughout the festive period.
