A message with a link to Flipkart’s website, saying that the online mall is offering massive discounts is doing the rounds on social media. The link takes a user to the website, where a wide array of products are available on sale, for absurdly slashed prices, such as 99 percent off.
The only catch? The website is fake.
One of the latest scams targeting the popular online shopping website, this link actually directs a user to a website which looks very similar to the actual Flipkart official website. And the ongoing sale is one attractive enough to tempt users.
Moreover, the link used by the fake website ( http://flipkart.hikhop.com/ ) is similar enough to the actual link for users to mistakenly continue in their purchasing.
SO HOW DOES THE SCAM WORK?
Once a user is on the website, they will be pulled in by the attractive discounts. Here is what a user sees.
Once a user selects a product and adds to the virtual cart and proceeds to purchase, they see the usual form to be filled in with details such as name, address etc.
Normally, a user would mandatorily need to fill in these details. One hint that this is a fake website is that even without filling in the required fields, it is possible to proceed to the next page. Now, the user arrives at the stage, where he/she is told how much they would have to pay for the product on delivery. For example, this speaker here can be bought for Re 1!
Once the user confirms the order, they are taken to the next page, where they are told that in order to avail of the deal, they need to extend an invite to a minimum of ten groups/friends.
But there’s a bypass. One can keep clicking on the button called ‘Invite Friends’ till the bar showing the progress is filled completely and then proceed to press ‘Confirm Order’.
At the last stage, the user is shown a final page where they are given an order number and an option to download an application.
If you click on the button to download the application, here’s what you see.
The user is re-directed to a Google Play store page where they can download a certain app. And no matter what product we tried to buy, we noticed that the app page at the end of the process was always the same.
So what’s the deal here? The end goal of the scam seems to be to get a user to download an app from the Google Play Store.
The assumption is that the goal of this scam was to boost the number of downloads of an app. Developers and creators can purchase a service online to boost the sales of an app.
Interestingly enough, there’s a timer on the landing page of the website, which would make any user hurry to avail the offers within an hour. But it actually renews itself after it runs out.
HOW DO YOU KNOW IT’S FAKE?
There are clues everywhere, really. Firstly, it’s probably too good to be true. But if you really want to believe in this, there are a few other things.
Check out the Flipkart logo on the top left in the fake website. There is an additional Lite along with ‘Flipkart’. This isn’t there in the real website.
Next, take a look at the banner on the fake website. The dates of the sale are shown as 4-18 July. But the July is written in a different font and a different colour. If you look closely, there’s also a smudge beside the ‘4th-18th July’.
Here’s why the banner looks like it does. Here is a photo of the real Flipkart sale banner, which says the dates are 14-18 May. The rest of the banner is identical – the children, the background and the text. So this real banner has clearly been edited – the 14th has become 4th and May has become July – to suit the purposes of the scam.
What else? Take a look at the URL at the top of the fake website. There’s a “Not secure” message appearing alongside, which would not be there for an official, safe and verified website. That’s a red flag right there. The ‘S’ in https:// (which shows up for safe websites) stands for secure and indicates that the website uses encryption to transfer data, protecting it from hackers.
Lastly, and the most technical way to prove it’s a fake website, we put in the website’s name into a website analysis tool called Domain Big Data.
Fake websites usually don’t last long and have fairly new domains. The domain here was just two months old and registered to the Andaman and Nicobar Islands. Further, the domain name is hikhop.com, so it is evidently fake.
A real Flipkart website’s domain analysis would have some link to Flipkart somewhere, like below.
This is registered to Flipkart Internet in Bangalore, where their headquarters is located.
This isn’t the first time a scam has been run using Flipkart’s name. In July 2018, the e-commerce website had even put out an advisory against such scams and what people can do in case they come across any such scam. Here’s what they had to say about scams that ask users to download third party apps, like this one.
So, in conclusion, this is a fake website which is part of a scam and the offer really is too good to be true!