Raksha Bandhan Scams Surge in India: Phishing, Fake Stores, and Virtual Sibling Cons Target Festival Shoppers

As families across India prepare to celebrate Raksha Bandhan, cybercriminals are also gearing up — not with gifts, but with fraudulent campaigns designed to steal money and personal data.

In a recent threat intelligence update, CloudSEK reported a sharp rise in Rakhi-themed phishing, fake e-commerce, and payment scams, warning that “fake websites, unbelievably low prices, and attractive offers” are being weaponized to lure unsuspecting victims.

Fraudsters are leveraging SMS, email, and WhatsApp messages claiming “Your Rakhi gift is on the way” or offering “exclusive Rakhi sale coupons”. Many mimic courier brands like India Post, falsely stating that deliveries are delayed due to “incomplete addresses” and urging users to pay a small “re-delivery fee.”

CloudSEK warns that clicking such links can “lead to malware on your phone or theft of payment data.”

A particularly deceptive method exploits the “@” symbol in URLs — for example, ecom.com@hackerswebsite.com — making links look like they belong to legitimate e-commerce sites, while actually redirecting to malicious .cyou domains.

Scammers are creating clone websites and fake Instagram stores selling rakhis, sweets, and even high-value items like the iPhone 16 Pro for ₹599 as a “Rakhi special.” These platforms collect payment details, then redirect funds directly to the attacker’s account.

One such ad led victims to rakshabandhanoffer.in.net/RakhiOff/, a fraudulent site impersonating a popular e-commerce brand.

Attackers are circulating multi-language phishing campaigns — in Hindi, Telugu, and Tamil — offering fake ₹5,000 “government gift cards” under the guise of the Prime Minister’s Mudra Yojana. Clicking “Scratch Here” triggers a UPI payment request to the scammer’s account.

CloudSEK traced one UPI ID, 34161FA82032*AA2D24E6B40@mairtel, to a business named udayrajkiranastore and linked it to a Facebook profile of a suspect identified as Shyam Saini.

Some attackers exploit the festival’s emotional significance. In one case, a Mumbai woman lost ₹8.20 lakh to a scammer posing as her London-based “brother” who claimed he needed customs and delivery fees for her gift.

These “virtual sibling” scams use fabricated urgency and trust to coerce payments.

Scammers are also impersonating e-commerce support teams via WhatsApp calls or video chats, requesting victims to share their screens. As CloudSEK notes, this enables attackers to “push a malicious app prompt and capture OTPs to drain bank accounts.”

Related Posts:

• Chinese Fraudsters Target India’s UPI: The Rise of Counterfeit Loan Apps
• Security Alert: Hackers Can Access Google Accounts Without Passwords
• Threat Actors Exploit Fake Brand Collaborations to Target YouTube Channels
• India plans to require e-commerce, social media companies such as Google Facebook to store data locally

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy