Fraud Awareness: Beware of Dormant E-Commerce Account Scam

So you created an account on Flipkart in 2019, bought one pair of socks, and then completely forgot it existed. Your saved debit card is sitting right there like an unlocked treasure chest. And guess what? A scammer just found the key. Welcome to the world of the dormant e-commerce account scam — the cyber fraud that targets your laziness, your forgetfulness, and your love for saving card details "for convenience."

This is not one of those boring fraud alerts that only IT departments send on a Monday morning. This is the real deal. Every day, thousands of people across India are losing money from shopping accounts they completely forgot they had. If you have ever created an account on Amazon, Flipkart, Meesho, Myntra, Nykaa, or any other online shopping platform and never officially deleted it — this post is written specifically for you. Read it before a scammer does what you should have done a long time ago: log into your old account.

To stay safe online, you also need to understand basic what phishing is and how it works because most of these scams start with a phishing message. Fraudsters are smart, polished, and extremely patient. But after reading this post, you will be smarter. So grab your chai and let us get into it.

What is a Dormant E-Commerce Account? (And Why You Should Care)

A dormant e-commerce account is simply any online shopping account that you stopped using but never officially closed or deleted. Think of it as a house you moved out of but forgot to return the keys for. You are gone, but the door is still there. And scammers are constantly checking for unlocked doors.

These accounts are risky because they often still have your saved credit card or debit card details, your UPI-linked payment methods, your home address, your mobile number, and sometimes even stored wallet balances or reward points. All of this becomes a goldmine for online fraudsters targeting inactive accounts.

Because you are not checking these accounts regularly, any unauthorized transaction from a dormant account can go completely unnoticed for weeks or even months. By the time you see something odd on your bank statement, the scammer is long gone with your money, your points, and possibly even more of your personal data.

What is the Dormant E-Commerce Account Scam?

The dormant e-commerce account scam, also called an inactive account takeover fraud, happens when a cybercriminal gains unauthorized access to your old, unused shopping account and misuses everything stored inside it.

Once inside your account, the scammer can place expensive orders using your saved payment methods, redeem all your loyalty points and cashback rewards, steal your personal and financial information, use your account as a mule account to launder money, and even change your login credentials so you get completely locked out.



According to cybersecurity experts cited across major Indian publications, e-commerce account fraud in India is rising sharply because attackers have realized that inactive online shopping accounts attract far less attention than bank accounts. Most people check their bank statements. Almost nobody checks their old Myntra account.

How Does This Scam Actually Work? (Step by Step)

Understanding how this scam operates is the best protection you can have. Here is the exact sequence that cybercriminals follow to steal from your forgotten accounts:

Step 1: Finding Your Forgotten Account

Scammers do not randomly guess your old shopping accounts. They have access to massive databases of leaked usernames and passwords from old data breaches. Websites get hacked all the time, and when they do, millions of login credentials get sold on the dark web.

If you used the same password on your old e-commerce account that you used on some other website that got hacked five years ago, a scammer can now log into your shopping account today using that old password. This technique is called credential stuffing, and it is completely automated. A bot can test thousands of account combinations per hour.

Step 2: The Fake Message Trick (Phishing Attack)

Another very common entry point is through a fake message that looks frighteningly real. You might receive an SMS, WhatsApp message, or email that says something like:



The link takes you to a website that looks exactly like the real Flipkart or Amazon login page. When you enter your credentials and OTP, the scammer captures everything instantly and logs into your real account before you can even finish your tea.

This is why learning to identify and protect yourself from phishing attacks is absolutely critical in today's digital world. The messages are getting smarter, more personal, and harder to spot.

Step 3: Malware and Fake APK Files

Some scammers go a step further. They send you a fake shopping app or an APK file via WhatsApp or Telegram claiming it gives you "special discounts" or "early sale access." The moment you install this fake app, a keylogger malware starts recording everything you type — including your banking passwords, OTPs, and card details.

For this reason, always be extra careful about protecting your Android phone from malware and viruses. Never install APK files from outside the official Play Store or App Store.

Step 4: SIM Swap Attack

A SIM swap scam is when a fraudster contacts your mobile carrier and convinces them to transfer your phone number to a new SIM card under the scammer's control. Once they have your number, they receive all your OTPs, reset your account passwords, and take full control of your shopping accounts.

This is one of the most sophisticated methods used in e-commerce account takeover fraud and has been confirmed by cybersecurity organizations including SentinelOne and multiple Indian cybercrime experts.

Step 5: Device Farming — The Industrial Scale Attack

Experts have also flagged a newer method called device farming, where criminals use dozens or even hundreds of phones with different SIM cards and automated tools to simultaneously control multiple stolen accounts. They mimic normal user behavior to avoid fraud detection systems, making it extremely hard for platforms to catch them quickly.

Red Flags: How to Spot This Scam Before It Is Too Late

The earlier you spot these warning signs, the better your chances of protecting your money. Here are the biggest red flags of a dormant account fraud attempt:

🚩 Extreme Urgency in Messages

Any message that says "Act NOW or lose your account forever" is almost certainly fake. Real companies like Amazon and Flipkart do not threaten you with permanent deletion over SMS or WhatsApp. Urgency is the scammer's best weapon because panic makes people stop thinking.

🚩 Suspicious or Misspelled Links

Check the URL carefully before clicking anything. Scammers create domains like "amaz0n-in.com" or "flipkart-support.shop" that look almost identical to the real thing. A genuine e-commerce platform will never send you a link that looks even slightly off. To better understand how to detect and fix phishing website warnings and red screen errors in Chrome, it helps to know what suspicious URLs look like.

🚩 OTP You Never Requested

Receiving an OTP on your phone when you did not try to log in anywhere is a major red flag. This means someone is trying to access your account right now. Do NOT share this OTP with anyone, ever. No legitimate company will ever call you and ask for your OTP.

🚩 Reward Points Expiry Bait

"Your 5,000 reward points will expire in 24 hours!" is another classic scammer trick. They know you will rush to log in through their fake link just to save those points. But there is no prize waiting — only a stolen account.

🚩 Unexpected Login Notifications

If you receive an email or SMS saying your account was accessed from a new device or location and you did not do it, take immediate action. This means your account may already be compromised.

Why Are Dormant Accounts Such Easy Targets?

This is a question that comes up a lot: why would a scammer go after an old, unused account instead of a fresh one? The answer is simple and slightly embarrassing for all of us.

Old accounts are often protected by weak, recycled passwords that were set years ago when password security was not taken seriously. They still have your full payment details saved because you were too lazy to remove them. Nobody is watching them, so fraud can go on for weeks undetected. Platforms are also less likely to flag unusual activity on accounts that have been inactive for a long time, because their fraud detection systems look for sudden changes in normal patterns — and for a dormant account, there is no normal pattern to compare against.

This is why cybersecurity experts consistently recommend practicing good online safety habits for internet users and bank account holders. Your digital hygiene matters just as much as your physical hygiene. Nobody leaves their front door unlocked all year. Do not leave your accounts unlocked either.

Is a Dormant Account Safe? What About Money Laundering?

No, a dormant account is NOT safe if it still holds payment information. Let us address this directly.

Dormant accounts are a risk for money laundering too — not just shopping fraud. Criminals sometimes use hijacked accounts to route illegally obtained money through purchases and refunds, making your account appear to be the source of fraudulent transactions. This could potentially involve you in legal trouble you had nothing to do with.

As for bank accounts: a dormant bank account in India is one that has had no transactions for two or more years. Banks are required by RBI to freeze such accounts after a period of inactivity. Is it bad to have a dormant bank account? Yes, because funds can get transferred to the RBI's Depositor Education and Awareness Fund if the account stays inactive for too long. The same principle applies to e-commerce — inactivity is not safety.

Combine your digital safety practices with safe mobile banking practices to keep all your financial accounts under proper supervision and control.

How to Check If an E-Commerce Website Is Real or Fake

This is one of the most searched questions online, and for good reason. Here is a simple checklist to verify any shopping website before trusting it with your card details:

• Check the URL carefully: The official website must start with "https://" and the domain must match exactly. Amazon.in is real. Amazone-in.shop is not.
• Look for the padlock icon: A secure website always shows a padlock symbol in the browser address bar. No padlock means no trust.
• Search for reviews: Before shopping on any unknown site, search "[website name] + reviews + fraud" on Google. Real people share real experiences.
• Check contact information: Legitimate websites have working phone numbers, email addresses, and physical addresses. Fake sites usually have none or provide fake ones.
• Verify with About Us and Return Policy pages: Fake sites often have blank, copy-pasted, or missing policy pages.
• Use Google's Safe Browsing Tool: Visit Google Transparency Report and check the URL. It tells you whether the site is safe or flagged for phishing.

If you want to improve your overall internet browsing safety habits, learning some smarter Google search techniques and web browsing tips can actually help you quickly identify suspicious websites before you click on them.

What Are Examples of E-Commerce Fraud?

Besides the dormant account scam, here are other common forms of e-commerce fraud in India that you should be aware of:

1. Fake E-Commerce Website Scam

You find a site selling iPhones at 70% off. You pay. You wait. Nothing arrives. The site vanishes. This is the most classic online shopping fraud example in India. Scammers create convincing fake shopping sites and disappear after collecting payments.

2. UPI and Payment Link Fraud

Scammers send you a fake "refund link" that actually debits your account instead of crediting it. They may also send QR codes and ask you to scan them — scanning a QR code to receive money makes zero sense. Scanning sends money; it does not receive it.

3. Fake Seller / COD Return Fraud

Some fraudulent sellers on marketplaces send empty boxes or wrong products and then blame you when you raise a return request. This is also a growing problem for legitimate sellers who receive completely different items in return packages.

4. OTP-Based Account Takeover

Someone calls pretending to be Amazon or Flipkart customer care. They ask for your OTP to "verify your account." The moment you share it, they are inside your account placing orders.

5. Fake Job / Work From Home E-Commerce Listings

Scammers post fake product review or data entry jobs related to e-commerce platforms, collect a registration fee, and disappear. Many Indian job seekers fall for this trick every single day.

Understanding all the different ways you can be targeted online helps you stay one step ahead. For people looking to also earn safely from the internet, checking out legitimate work-from-home online jobs that are actually real and trustworthy is important before investing any time or money.

How to Prevent Fraud in E-Commerce Transactions: 10 Must-Follow Rules

Now comes the part that will actually save your money. Follow these steps seriously and your chance of falling victim to e-commerce account fraud prevention goes up dramatically.

✅ 1. Delete All Accounts You No Longer Use

This is the single most powerful step. If you are not using a platform, go into the settings and officially delete your account. Do not just stop logging in — actually close it. Search for "how to delete [platform name] account" and follow the steps. Most platforms hide this option deep in settings, but it is there.

✅ 2. Remove All Saved Payment Methods

Go into every shopping app you use and remove all saved cards, UPI IDs, and wallets. Yes, it is slightly less convenient to re-enter your card every time. But it is a lot more convenient than losing your money. For tips on keeping your devices safe while doing this, understanding essential Android phone safety tips and tricks is a great starting point.

✅ 3. Use Strong, Unique Passwords for Every Platform

Using the same password for multiple sites is the number one reason people get hacked through credential stuffing attacks. Use a password manager to generate and store unique passwords for each account. Your brain cannot remember 50 different complex passwords — that is what password managers are for.

✅ 4. Enable Multi-Factor Authentication (MFA)

Multi-factor authentication for online shopping accounts adds a second layer of verification before anyone can log in. Even if a scammer knows your password, they cannot log in without your phone. Enable MFA on every account that supports it — especially email, banking, and shopping apps.

✅ 5. Never Click Links in Unsolicited Messages

Bookmark your favorite shopping sites. When you need to visit Amazon or Flipkart, open the bookmark or type the URL directly. Never click links sent via SMS, WhatsApp, or email unless you specifically requested that message. This one rule alone blocks the majority of phishing-based shopping account fraud.

✅ 6. Never Share OTPs With Anyone, Ever

This should be tattooed on every Indian smartphone user's brain. No real company — not Amazon, not Flipkart, not your bank, not the RBI — will ever call you and ask for your OTP. The moment someone asks for your OTP, end the call immediately and report it. For more guidance, read about protection against phishing, smishing, and vishing attacks to know exactly how these OTP theft calls work.

✅ 7. Enable Transaction Alerts on All Cards

Make sure your bank sends you an SMS or app notification for every transaction — including small ones. Scammers often test a stolen card with a small purchase first before making a big one. If you catch the small one, you can block the card before the big one happens.

✅ 8. Regularly Review Your Account Statements

Set a reminder to check your bank and credit card statements every week. Also log into your active shopping accounts once a month and review your order history. Any unfamiliar order is a red flag that needs immediate action.

✅ 9. Download Apps Only From Official Sources

Only install apps from the Google Play Store or Apple App Store. Never install APK files sent via WhatsApp, Telegram, or email. Fake shopping apps can look identical to the real ones but are designed to steal your login credentials. For safety recommendations, check out the most essential mobile apps to install after getting a new smartphone for a clean, safe start.

✅ 10. Secure Your Gmail or Email Account Tightly

Your email is the master key to all your other accounts. If a scammer accesses your email, they can reset passwords for every shopping account you own. Enable two-factor authentication on your email immediately. Also regularly review Gmail security settings and how to protect your Google account from unauthorized access.

What to Do If You Are Already a Victim of This Scam

If you suspect your account has been compromised, act fast. Every minute counts because scammers move quickly once they are inside.

⚡ Step 1: Change Passwords Immediately

Log into the compromised account immediately (or try to) and change your password right away. Also change passwords on all other accounts where you used the same or similar password. Use strong, unique passwords that you have never used before.

⚡ Step 2: Contact Your Bank and Block Your Cards

Call your bank's 24-hour customer care number immediately and ask them to block any cards linked to the compromised account. Also freeze any suspicious transactions that may have already gone through. Most banks allow this through their mobile apps as well. For more guidance on banking safely, check out safe online banking practices and cybersecurity guidelines for bank users.

⚡ Step 3: Report the Fraud to the Platform

Contact Amazon, Flipkart, Meesho, or whichever platform was compromised and report unauthorized access to your account. Most platforms have a dedicated fraud team that can freeze the account, reverse fraudulent orders, and escalate the matter internally. For Flipkart, go to "My Orders" and use the "Need Help" option. For Amazon, go to "Your Orders" and click "Problem with Order."

⚡ Step 4: File a Cybercrime Report

Report the incident immediately to the National Cybercrime Reporting Portal at www.cybercrime.gov.in or call the cybercrime helpline number 1930. This is a free, government-operated service available 24 hours a day. Keep all screenshots, transaction IDs, messages, and any evidence ready before calling.

⚡ Step 5: File a Police Complaint If Needed

For large amounts, visit your nearest police station or dedicated cyber cell and file a formal complaint. Under the Information Technology Act 2000, online fraud is a criminal offence with penalties including imprisonment of three to seven years. Also bring printed evidence and your complaint reference number from the cybercrime portal.

Bandhan Bank Dormant Account — Special Note

Many readers searching for information about Bandhan Bank dormant accounts or how to close a Bandhan Bank account online land on this topic because Bandhan Bank has been specifically mentioned in relation to dormant account fraud alerts. If you have an inactive Bandhan Bank account, here is what you should do:

Log into your Bandhan Bank net banking or mobile app and check your account for any unusual activity. If you wish to close the account, visit your nearest Bandhan Bank branch with your KYC documents and submit a written account closure request. You cannot close most bank accounts fully online in India yet, but you can flag suspicious transactions through the bank's mobile app or by calling Bandhan Bank's cybercrime number directly.

Never let anyone claiming to be a bank executive perform your KYC update over the phone or through a link. Real bank KYC processes happen at the branch or through the official app only.

How to Protect Your Facebook and Social Media Accounts Linked to Shopping Apps

Many e-commerce apps allow you to log in with your Facebook account. This creates a direct link between your social media and your shopping accounts. If your Facebook account gets compromised, so does every shopping account connected to it.

To check which apps are connected to your Facebook account, go to Settings → Security and Login → Apps and Websites. Remove any app you no longer use. Also regularly review your Facebook account security settings and privacy controls to prevent unauthorized access.

This is also important for your social media account protection on mobile devices, especially since many people use the same login across multiple apps.

Special Advice for E-Commerce Businesses and Online Store Owners

If you run an online shopping store or e-commerce business, you also have responsibilities toward your customers when it comes to dormant account security. According to India's Information Technology Act, Section 43A, organizations handling sensitive personal data must implement reasonable security practices. Failure to do so can make you legally liable for data breaches.

Here is what businesses should implement:

• Automatically prompt dormant users to update their passwords after 6 months of inactivity
• Send proactive notifications before deleting saved payment data from inactive accounts
• Implement mandatory MFA for accounts with saved payment methods
• Monitor for sudden activity on long-dormant accounts and flag it for review
• Give users a clear, easy way to delete their accounts and all associated data

If you are looking to build a stronger and more secure online store, reading about e-commerce website security best practices against hacking and fraud is a must for every online business owner. Also consider the importance of proper e-commerce SEO practices and website optimization for online stores to build a trustworthy brand that customers feel safe shopping at.

The Password Problem: Why Reusing Passwords Is Your Biggest Mistake

Let us talk about the elephant in the room. Most Indians use the same password for everything. Your email, your bank, your Flipkart account, your Netflix — all the same password. Maybe with the year added at the end because the system forced you to include a number.

This is a disaster waiting to happen. When any one of these platforms gets hacked (and thousands do, every year), your single shared password unlocks every account you own. Cybercriminals know this too well, which is why credential stuffing attacks are now fully automated and run at massive scale.

The solution is simple, even if it sounds annoying: use a dedicated password manager app. Tools like Bitwarden (free) or 1Password generate and store complex, unique passwords for every account. You only need to remember one master password. This is the single biggest upgrade you can make to your online account security today.

While managing all your digital accounts, also keep your devices secure by understanding how hackers crack passwords and steal login credentials and credit card details. Knowledge is your best defense.

Staying Safe While Shopping Online: Quick Checklist

Here is a handy summary you can bookmark and refer to every time you shop online:

For a broader understanding of the most common types of online deception and how to avoid them, learning about phishing attacks, fake emails, and online scam prevention techniques is strongly recommended. Also check out our post on how to spot and avoid insurance fraud and fake policy scams, because fraudsters are not limiting themselves to shopping platforms alone.

Understanding the full spectrum of cyber fraud types in India is important. Consider reading up on how to stay safe while surfing the internet and using digital services as a foundation for everything else. Pair that with knowledge about ransomware and malware protection for online users to cover your bases fully.

Good digital practices extend to your entire online presence. Whether you are managing WordPress website security and best practices for bloggers or a personal shopping account, the same vigilance applies. Always do a quick website authenticity check before trusting any new online platform with your personal information.

If you also want to protect yourself financially, check if your e-commerce business model is set up safely and profitably to avoid both fraud risks and poor business decisions. Your digital safety is your financial safety.

Frequently Asked Questions About Dormant E-Commerce Account Scams

Got questions? Here are the most common ones people ask about dormant account fraud, e-commerce scams, and cybercrime protection in India. Understanding these answers will help you stay protected and act quickly if something goes wrong.

Bottom Line: Your Old Accounts Are Not "Inactive" — They Are Loaded Weapons Waiting to Go Off

The dormant e-commerce account scam is one of the most under-discussed but rapidly growing forms of cyber fraud in India. Millions of Indians have forgotten shopping accounts sitting on servers with saved card details, personal addresses, and account balances that scammers are actively hunting for every single day. The good news is that protecting yourself is completely free and takes less than an hour.

Go right now, after reading this post, and audit all your old shopping accounts. Delete the ones you do not use. Remove saved payment details from the ones you keep. Change all your passwords. Enable MFA everywhere you can. These are not optional security upgrades — they are the bare minimum standard for anyone who uses the internet in the current era of sophisticated cyber attacks.

And if you are ever in doubt about a suspicious message, remember this simple rule: when in doubt, do not click. Open the official app yourself, verify the information directly, and report anything unusual. Stay alert, stay informed, and share this post with your family, especially older relatives who might not know about these scams. Because the best defense against fraud is always awareness — and now you have plenty of it. Find more useful safety guides and digital tips right here at ProblogBooster's complete guide to staying safe online.