As Kolkata ushered in the New Year, a wave of sophisticated online scams swept through the city, leaving a trail of financial loss and stolen personal data. Cybersecurity experts and police officials have issued urgent warnings about fraudsters employing fake event tickets, hotel deals, and delivery-related links to dupe unsuspecting citizens.
How the New Year Scams Unfolded
Over the last month, victims of these elaborate fraud schemes have collectively lost approximately Rs 40 lakh. The scams typically began with enticing advertisements on social media platforms, messaging apps, and even search engine results that cleverly mimicked legitimate brands. The offers were hard to resist: heavily discounted tickets for New Year's concerts, attractive last-minute travel packages, and exclusive restaurant reservations.
Once users showed interest, they were directed to cloned websites that looked authentic or were asked to make payments through QR codes and instant payment links. In some cases, merely responding to a message to show consent was enough for the fraudsters to initiate their plan, after which the so-called seller became completely unreachable.
Malicious Links and Remote Access Threats
Cybersecurity analysts highlighted another prevalent tactic. Many residents received messages about "delivery reschedule" or "courier pending" that contained shortened URLs. Clicking these links led to sophisticated phishing pages designed to steal sensitive information like credit card details, UPI PINs, and one-time passwords (OTPs). Alternatively, users were prompted to install malicious Android application packages (.apk files) disguised as parcel tracking tools or booking applications.
In severe cases, this malware granted criminals remote access to the victim's smartphone, allowing them to initiate unauthorized transactions directly. Police officials from Kolkata, Barasat, and Bidhannagar confirmed a parallel trend involving fake customer care numbers posted online. Individuals seeking help for refunds, booking changes, or payment failures were persuaded to share screen access or install remote support applications, leading to their bank accounts being drained within minutes.
Official Advisories and Protective Measures
In response to the surge, banks and payment platforms have issued advisories urging extreme caution. The key recommendations include:
- Never share OTPs, UPI PINs, or card CVV numbers with anyone.
- Always verify the merchant's identity before completing any payment.
- Check website URLs carefully for slight misspellings or unusual domains.
- Avoid deals that pressure you for immediate payment.
- Use only official apps or verified social media handles for bookings and customer support.
Authorities have stressed that victims should immediately report incidents to the National Cyber Crime Reporting Portal and their local police station. If financial credentials are compromised, contacting the bank instantly to block cards or freeze accounts is crucial. Cybercrime teams are actively monitoring scam domains and coordinating takedown requests, but they warn that new fraudulent links and pages are being created rapidly, especially during festive and holiday periods like New Year's.
