Infopercept warns of rising phishing and smishing attacks targeting millions of former gaming subscribers amid regulatory shift.
The recent nationwide ban on money-based online gaming in India marks a significant regulatory milestone aimed at curbing gambling-related risks. However, cybersecurity firm Infopercept has raised alarms about a new wave of digital threats emerging in the wake of the ban.
According to Infopercept, cybercriminals are capitalizing on the uncertainty and disruption caused by the ban, targeting former subscribers with sophisticated phishing and smishing campaigns. These attacks often masquerade as refund notifications, account closure alerts, or promotions for “legal alternatives,” luring users into revealing sensitive personal and financial information.
The firm anticipates a sharp increase in:
- Fake refund and account closure messages,
- Fraudulent SMS/emails promoting alternative platforms,
- Social engineering scams impersonating gaming companies, regulators, or banks.
Infopercept has issued a detailed advisory outlining the risks and offering recommendations for both users and organizations to stay protected.
The advisory emphasizes the importance of cybersecurity awareness, especially during periods of regulatory transition. Organizations are encouraged to educate their users, implement robust email and SMS filtering systems, and monitor for impersonation attempts.
As India navigates this new digital landscape, experts stress that proactive cybersecurity measures will be key to safeguarding millions of users from falling victim to scams.
Infopercept Advisory
Phishing & Smishing Risks in the Wake of the Online Gaming Ban
Context
With the government moving to ban all money-based online gaming, millions of users who previously engaged with such platforms will suddenly find themselves cut off. While this move may curb gambling-related risks, it also creates a new cybersecurity concern: attackers are likely to exploit the confusion with phishing and smishing campaigns targeting former subscribers of these platforms.
Why Users Are at Risk
- High User Base: Gaming platforms had millions of subscribers whose data may already be circulating in underground markets.
- Confusion Around Refunds & Account Closures: Players may expect refunds of wallet balances or closure confirmations, giving attackers an opportunity to send fake SMS and email notifications.
- Shift to Unregulated Alternatives: Some users may seek offshore or unverified platforms, where cybercriminals thrive.
- Increased Social Engineering: Attackers may impersonate gaming companies, regulators, or even banks to lure victims.
Common Attack Vectors
- Phishing Emails claiming to be from gaming platforms asking users to “verify details for refund.”
- Smishing (SMS phishing) with links to fake portals that steal banking credentials.
- WhatsApp/Telegram Messages offering “safe new platforms” or “legal alternatives.”
- Fake Support Calls claiming to assist with account deletion or refund processing.
Infopercept Recommendations
For Users
- Do not click on unsolicited links related to refunds, account status, or alternative platforms.
- Never share sensitive information such as OTPs, banking passwords, or Aadhaar details over phone, SMS, or email.
- Use only official communication channels of banks and payment providers for refund queries.
- Install security updates and use trusted security tools on mobile and desktop devices.
- Report suspicious messages to telecom spam reporting numbers or national cybercrime helplines.
For Organizations
- Awareness Campaigns: Educate employees and customers about potential scams.
- Threat Monitoring: Track phishing domains and SMS campaigns spoofing gaming brands.
- Incident Response: Strengthen reporting and response mechanisms to quickly block fraudulent campaigns.
- Multi-factor Authentication: Encourage use of MFA for financial and online accounts to limit damage from stolen credentials.
Closing Note
While the gaming ban reduces risks tied to gambling, it increases exposure to cyber fraud during the transition. Infopercept urges individuals and organizations to stay vigilant against phishing and smishing attempts. Security is not just about technology—it is about awareness and proactive defense.
