Phishing scams surge during Diwali: Steps to stay safe

Diwali is our most luminous festival — the houses sparkle, sweets are shared, and enthusiastic shoppers are ready to splurge. But in India’s digital marketplace, amidst the glow, fraudsters also hide behind every tempting deal, laying down a cyber trap. Over the years, as online orders soar, so do phishing scams and brand-impersonation attacks. The recent McAfee’s 2025 Festive Season Research states that during Diwali sales, fake websites and phishing links see a pronounced uptick. The survey indicates that roughly 37% of Indians have experienced financial loss to festive scams, and 72% express fears of AI-driven deception. These are not just numbers; they are warning signs.

We stand at a junction: the promise of digital commerce collides with evolving fraud. As the leader of a company committed to safeguarding a brand’s digital trust, I would like to emphasise that this is not a seasonal issue anymore. This is a test of how brands and consumers will rise to protect the integrity of India’s digital ecosystem.

Why Diwali becomes a magnet for phishing

Diwali’s energy accelerates both opportunity and risk. As brands launch multiple offers and consumers browse at pace, fraudsters capitalise on urgency, oversight, and optimism.

• Spurious deals and lures. Messages promising extravagant discounts or gifts are circulated via WhatsApp, SMS, or email. These direct users to phishing pages that harvest personal or financial data.
• Impersonated digital identities. Fake domains, cloned handles, and look-alike microsites mirror legitimate brands. A subtle letter change or a false blue check can fool even vigilant users.
• Counterfeit apps and malware. Fraudsters occasionally create malicious APKs disguised as official apps, which, once installed, siphon data, intercept OTPs, or carry remote access features.
• AI / deepfake amplification. Today, fraudsters deploy AI to generate convincing voiceovers or video endorsements, enabling more persuasive scams. These techniques are no longer sci-fi; they’re active threats.

Brands must lead with vigilance — not reaction

Brand reputation is fragile. One phishing campaign targeting your name can erode trust earned over the years. Brands must become proactive to protect digital integrity during such a high-sales season.

1. Institutionalise Continuous Brand Monitoring

Phishing and impersonation don’t wait. You need always-on visibility across domains, social platforms, marketplaces, forums, and even the dark corners of the web. 

At mFilterIt, our tool Sentinel+, a brand protection solution powered with OSINT (Open- Source) technology, scans the digital universe to detect misused brand assets: phishing sites, cloned handles, counterfeit listings, and unauthorised digital replicas

2. Educate Proactively — Don’t Wait for the Attack

In the days leading to Diwali, brands should issue advisories across owned channels — emails, app banners, SMS, social posts. Clearly communicate your official domains, handles, and how customers can spot red flags. The more educated your audience, the smaller your attack surface.

3. Partner with Platforms & Authorities for Rapid Response

When fraudulent content surfaces, time is your enemy. Establish direct reporting lanes with social media platforms, app stores, and cybercrime cells. Verified brands should demand priority takedown support. A swift takedown can contain damage and send a deterrent signal.

Consumers: Your role is vital — be the sentinel for yourself

No matter how advanced a brand’s defences, individual vigilance remains critical. As a consumer, you have immense power to disrupt fraud.

• Verify before you click. Examine the sender address, look at the URL closely — a single misplaced character can flip legitimacy into a trap.
• Use official channels. Go directly to brand apps/websites — don’t rely on forwarded links.
• Check for HTTPS and valid SSL seals. They’re basic but often ignored.
• Question: “too good” offers. If it defies logic, treat it as suspicious.

Your alertness reduces the payoff for fraudsters. That strengthens the ecosystem.

Lighting the way: Trust, technology & tenacity

Diwali reminds us that light dispels darkness, a lesson equally relevant in our digital age. As commerce becomes more connected, so must the sense of responsibility.

Phishing is not a seasonal inconvenience; it is a systemic challenge that demands vigilance, collaboration, and accountability from every stakeholder in the digital ecosystem. The way forward is clear: awareness must become culture, and protection must become a practice.

This article is penned by Amit Relan, CEO & Co-founder, mFilterit.

Disclaimer: The article features the opinion of the author and does not necessarily reflect the stance of the publication.