Cyber attacks in India have become a huge headache lately for businesses and to add to the woes, the latest findings by Cyberpeace Foundation revealed that Chinese hackers based in Guangdong and Henan provinces have targeted millions of Indians through shopping scams targeting Amazon India and Flipkart.

The scams were most prominent during festival season sales in the month of October and November. Hackers lured users by creating spurious links, thereby asking to click on them to participate in online contests and win prizes. This was done through WhatsApp messages and are supposedly sent to millions of Indians.

Using elements from the sales campaigns by Amazon India and Flipkart, the scammers tried to trick the users by coming up with, “Big Billion Days Spin the Lucky Wheel” and “Amazon Big Billion Day Sale” within a few days of Flipkart’s Big Billion Day sale, the report said

The investigation revealed some shocking details as it showed that the domain links made for the scams were registered in China specifically in Guangdong and Henan province to an organisation called Fang Xiao Qing and were registered using Alibaba’s cloud computing platform. These links used for the scams are still operational and active.

The Chinese hackers created fake accounts with the help of fake images and comments to send scam links.

“Ecommerce scams are not new but what’s more alarming is the covert cyber warfare Chinese entities are launching in India on a repeated basis,” the collected information could be peddled and used to conduct more such cyber attacks in Tier II and Tier III cities where people’s knowledge about cybersecurity is very low.

There are several instances of the data breach and cyberattacks on PM Modi’s website narendramodi.in, believed to have impacted 5 lakh users which shows the poor cybersecurity infrastructure in the country.

Haldiram’s witnessed a ransomware attack on its servers by unidentified hackers who have allegedly stolen crucial data and demanded a ransom of $7, 50,000.

Several Indian platforms in the past have seen data breaches. Earlier in May, it was reported that data of 4.75 crore Truecaller were found to be up for sale on the dark web.