Flipkart Impersonation Scam in Sri Lanka
⚠️ Disclaimer
This article has no connection to the legitimate Flipkart platform or its services.
Flipkart is a real and widely used e-commerce marketplace. The activity documented in this report involves impersonation of the Flipkart name, branding, and interface to deceive users. We are reporting on the impersonators — not the company.
Case Overview
This report documents a brand-impersonation scam observed targeting users in Sri Lanka, where attackers used the Flipkart name and visual identity to operate a fake shopping and account portal.
The operation combined look-alike websites, fake login and signup pages, and misleading promotional content to harvest user data and potentially escalate toward financial fraud.
This case is presented as a reference instance, not an isolated event.
Brand Clarification & Impersonation Context
Flipkart is a legitimate e-commerce platform offering online retail services across a wide range of product categories, including fashion, electronics, travel accessories, and household goods.
The scam documented here does not originate from Flipkart.
The websites, login screens, and signup flows observed are unauthorized and unaffiliated, designed solely to exploit user trust in the Flipkart brand.
Method of Initial Exposure
Users were directed to a look-alike website through external links, advertisements, or forwarded messages. The domain used in this case did not belong to Flipkart.
Despite this, the page prominently displayed Flipkart branding, colors, and layout elements consistent with the legitimate platform.
This created the impression that the user was interacting with a real Flipkart service.
Fake Platform & Interface Design
The impersonation site replicated key elements of Flipkart’s mobile interface, including:
- Flipkart logo and color scheme
- Product banners advertising large discounts
- Search bars and category sections
- Navigation icons resembling a shopping app
These elements were used purely for visual legitimacy. There was no evidence of real product fulfillment or connection to Flipkart’s backend systems.
Credential Harvesting Mechanism
Users were prompted to log in or sign up using their mobile number and password. The fake signup form requested:
- Phone number
- Verification or graphic code
- Password and password confirmation
- A “merchant” or referral code
The presence of highlighted example values and arrows strongly suggests that users were being guided step-by-step to submit information, rather than authenticating with a real service.
This indicates credential harvesting, where entered data is captured by the scammers.
Risk Escalation Potential
Operations of this type typically escalate in one or more of the following ways:
- Reuse of harvested credentials on other platforms
- Social engineering follow-ups via WhatsApp or Telegram
- Requests for deposits, activation fees, or task participation
- Redirection into task-based investment or reward scams
Even if no immediate financial loss occurs, credential exposure alone poses serious risk.
Pattern Indicators
This operation exhibits multiple red flags consistent with known impersonation and scam patterns:
- Brand impersonation using a trusted marketplace
- Use of non-official domains
- Fake login and signup interfaces
- Instructional overlays guiding data entry
- Absence of verifiable company or support information
The retail theme is interchangeable.
The impersonation mechanism is not.
Pattern Confirmation
Although presented as a shopping or travel-related Flipkart service, the structure aligns with recurrent scam frameworks observed across multiple brands and industries.
The name changes.
The interface changes.
The goal remains the same: exploit trust, capture data, and enable fraud.
Reference Material
This case should be read alongside the following resources, which document both the structure of these scams and the steps to take after exposure:
