Diwali and Pooja Domains Targeting Shoppers: Beware of Online Scams This Festive Season

It’s the season of lights, joy, and unfortunately, cyber scams. Cybersecurity researchers from CloudSEK have uncovered a surge in malicious campaigns capitalizing on the festive spirit with “Diwali” and “Pooja” domains. Brace yourself as we dive into the details of this digital deception and how you can shield yourself from falling into the trap.

Riding the Festive Wave: Phishing on the Prowl

Picture this: you’re gearing up for some festive online shopping, but lurking beneath the sparkle are cybercriminals with tricks up their sleeves. CloudSEK’s report sheds light on an alarming 828 unique domains identified through Facebook Ads Library, all geared towards phishing campaigns targeting recharge and e-commerce sectors.

The Art of Deception: Typosquatting Unveiled

Ever heard of typosquatting? It’s not as complicated as it sounds. Cyber tricksters are using this technique to create fake domains that mimic legitimate ones. Take, for instance, shop.com turning into shoop.xyz, offering the same features and content to fool less tech-savvy users. Sneaky, right?

Diwali and Pooja Domains: More Than Meets the Eye

The report reveals that domains featuring the keywords “Diwali” and “Pooja” found a home on a Hong Kong-based ASN by Megalayer Technologies. What’s the catch? These seemingly innocent domains redirect users to Chinese betting pages, playing on the increased internet traffic during Diwali.

From Scams to Spins: Gambling in Disguise

Beware of festive cheer turning into a gamble! Cybercriminals exploit the festive buzz to target unsuspecting users with fake gambling websites. A newly created domain linked to Diwali ended up redirecting users to various gambling platforms, including Bet 365 and MGM.

Social Media Shenanigans: Crypto Caution

The report doesn’t stop there. Malicious users on Facebook and other social platforms are playing a different game. They’re luring genuine users into registering on unreliable cryptocurrency websites. One such example is Bot Bro, enticing consumers with free life insurance and TLC coins, all leading to untrustworthy crypto platforms.

Jewels and Trojans: Unmasking a Diwali Deception

If you thought e-commerce for jewelry was safe, think again. An e-commerce website registered during October, with “Diwali” in its domain name, was found requesting users to download an application embedded with an Android Trojan. The glittering jewels may hide digital dangers.

Securing Your Festive Online Experience: 5 Essential Protection Measures

As the festive season unfolds, ensuring a safe online experience is paramount. Here are five key protection measures to safeguard yourself from cyber threats:

  • Verify Website URLs:

Mind the Details: Exercise caution when entering website URLs. Cybercriminals often use subtle misspellings to create deceptive domains. Double-check the legitimacy of the site before making any transactions.

  • Enable Two-Factor Authentication (2FA):

Double Layer Security: Strengthen your account security by enabling Two-Factor Authentication (2FA) whenever possible. This adds an extra layer of protection, requiring a secondary form of identification.

  • Use Reliable Antivirus Software:

Stay Shielded: Install and regularly update reputable antivirus software on your devices. Conduct routine scans to detect and eliminate potential threats to your system.

  • Beware of Social Media Scams:

Exercise Caution: Be skeptical of unsolicited messages or posts offering extraordinary deals or freebies on social media. Verify the legitimacy of such offers before clicking on any links.

  • Monitor Financial Statements:

Stay Alert: Regularly check your bank and credit card statements. Promptly report any unauthorized transactions to your financial institution. Timely monitoring helps identify and address potential fraudulent activity.

By prioritizing these five protection measures, you can navigate the online landscape with confidence, ensuring a secure and enjoyable festive season. Stay vigilant, stay secure, and celebrate with peace of mind.

Stay Vigilant: Your Digital Armor

As you navigate the festive fervor online, stay vigilant. Be cautious of unfamiliar domains, double-check website URLs, and avoid clicking on suspicious links. Cybersecurity is your digital armor, and a little awareness goes a long way in safeguarding your festive cheer.

In conclusion, as you light up your homes and celebrate the festival of lights, ensure your online presence stays equally illuminated with awareness. Don’t let cyber grinches steal your joy this Diwali!



  1. William Bentick Avatar
    William Bentick

    Malicious users on Facebook and other social platforms are playing a different game. They’re luring genuine users into registering on unreliable cryptocurrency websites.

  2. David Blake Avatar
    David Blake

    During Diwali and Pooja shopping, beware of fake online stores, phishing messages seeking personal information, social media scams, suspicious gift card requests, and potential delivery scams. Stay aware, verify sources, and protect your personal information to avoid identity theft or financial loss.

Join the Discussion

Discover more from Domain Magazine

Subscribe now to keep reading and get access to the full archive.

Continue reading

Verified by ExactMetrics