In this article: How to prevent an account takeover
Account takeover? What’s that?
The reality: An account takeover is when a cybercriminal gains access to your Flipkart credentials and logs into your account pretending to be you. Once the criminal has access to your account, he or she may be able to make purchases and transactions, redeem reward points and SuperCoins too. According to an industry report, there was a 90% increase in account takeover crimes in India between January and May 2021. Sounds frightening? Keep reading.
The good news: Minimizing the odds of an account takeover is easy. You can keep your Flipkart account secure with a few good online habits.
Here are 7 ways to prevent and deal with an account takeover.
#1: Avoid malicious websites and apps
Running a fake Flipkart website or app is a tactic that fraudsters use to steal your Flipkart user ID and password. A fake website or app is designed to look just like the genuine one from Flipkart, and fraudsters try to entice you into giving away your credentials. However, there are clear warning signs that you can rely on:
- The discounts are unreal, such as 98% off on iPhone 13 Pro
- The website URL does not end with “Flipkart.com”
- Your connection is “not secure”, which means the website does not use HTTPS (the padlock is not present besides the URL)
Here are more tips on how to spot a fake Flipkart website or app.
#2: Don’t entertain suspicious messages
Cybercriminals love to trap innocent users with emails, SMSes, and social media messages that seem genuine. In reality, these fake Flipkart messages or ads, which promise discounts, offers, and more, are just a way for fraudsters to carry out an account takeover. Further, they may be doorways to malicious software that works in the background to steal your data. The best approach is to avoid clicking links that come with suspicious messages. Shop directly on the official Flipkart website or app instead. Be responsible and report fake Flipkart messages, websites, and apps to protect others.
#3: Never provide your account details via call
Fake calls are a go-to method used by fraudsters who have intentions of an account takeover. Here, they pose as “helpers” and offer to provide assistance in making a purchase, securing your account and so on. Flipkart’s official representatives will never ask you for personal login details, and you should never share email IDs, passwords, and OTPs over a call.
#4: Change your passwords regularly to prevent account takeover
It’s possible that you visited a malicious website in the past. Similarly, fraudsters may shop for credentials on the dark web and have access to your login details partially. Changing your passwords often ensures that the data fraudsters have is outdated. Flipkart even offers you the option of changing the email ID linked to your Flipkart account.
How to set a strong password?
- Avoid using your name or common sequences like “qwerty” or “1234” in your password
- Use a combination of at least 8 characters containing letters, numbers and symbols. Create a strong password using a combination of at least one capital letter, a numeral and a special character in random order.
- Example of a weak password: Flipkart#1234
- Example of a strong password: BD2!ex9@@ (don’t copy this password!)
- Enable OTP-based authentication when possible
Read more about other ways of securing your Flipkart account.
#5: Use different login details on other e-commerce sites
You may like to shop at different online stores, and it is best to use different passwords on each of them. This way, your Flipkart account is protected from an account takeover even if there is a data breach on another company’s database.
#6: Watch out for suspicious activity on your accounts
Once a fraudster conducts an account takeover, he may try to lock you out of your account by changing your password. Most websites, including Flipkart, require an OTP to be entered before a password can be changed. If you receive an OTP on your email ID or phone number authorizing a password change or reset, and you haven’t asked for it, then something is wrong. Likewise, if you get a message about a login from an unknown location or suddenly see items added to your cart, it could be a sign that someone has access to your account.
#7: When in doubt, contact customer care
If you think you are a victim of an account takeover, get in touch with Flipkart. Immediate reporting helps companies prevent unauthorized transactions. You will also be advised to:
- Change your passwords
- Log out of all accounts and log back in
Other ways to prevent account takeover
You can also ensure the security of your account by preventing unauthorised access through other ways, such as:
- Limiting the number of login attempts
- Statistics show that elderly internet users are in a high-risk category. You may want to shop online with a younger and well-informed family member whom you trust, especially if you are an elderly user unfamiliar with using online applications.
- Avoiding storing passwords in your browser, especially if you use a shared computer
Ultimately, cybercriminals seek to “take over” your most important accounts — those which can authorize financial transactions. They may do this behind the scenes and slowly. So, the best policy is to browse safely and be aware of the activity in your accounts, be it your Flipkart account, your email, or your bank account. Keep your wits about you and you can enjoy a great shopping experience every time you visit Flipkart!
Report fakes, frauds and scams that misuse Flipkart’s name
Have some fun at the fraudster’s expense! Rate the best and worst Flipkart fake website scams
Read more customer education articles in our Safe Shopping section