Artificial Intelligence, Business, Tech & Ai, Tech & Future

The Reward Point Trap: How Scammers are Draining Credit Cards via “Expiring” Points

February 28, 2026February 28, 2026By Editor at oning
0 0
The Reward Point Trap How Scammers are Draining Credit Cards via Expiring Points

New Delhi, January 2026 — A sophisticated wave of financial fraud is targeting credit card holders across India, turning “loyalty rewards” into a gateway for total account takeover. As banks digitize their reward systems, a growing network of cyber-syndicates is using high-pressure SMS tactics and “cloned” banking portals to siphoning off lakhs of rupees from unsuspecting users.

The “Sense of Urgency” Bait

The scam begins with a simple but alarming text message. Unlike older, poorly written scams, these messages mimic the official templates of major banks like HDFC, ICICI, or SBI.

  • The Message: “Dear Customer, your 6,850 Reward Points worth ₹7,450 are expiring tonight. Click here to redeem them for cash now.”
  • The Hook: By attaching a specific cash value to the points and setting a “midnight” deadline, scammers bypass the victim’s rational thinking, triggering a “loss-aversion” response.

The “Mirror Link” Deception

The video report highlights the technical precision of the landing pages. When a user clicks the link, they are directed to a website that is a pixel-perfect clone of their bank’s actual login portal.

  • The Phishing Wall: The victim is asked to enter their customer ID, mobile number, and—crucially—their credit card details (Number, Expiry, and CVV) to “verify” the reward redemption.
  • The Silent Takeover: In the background, the scammer is using these details in real-time on a legitimate payment gateway.

The OTP “Validation” Scam

The most critical segment of the fraud involves the One-Time Password (OTP). While victims believe they are entering an OTP to “redeem points,” they are actually authorizing a high-value transaction or adding a new beneficiary to their account. Scammers often use “screen-masking” scripts on the fake website that change the text of the OTP prompt to say “Enter Code to Claim ₹7,450,” hiding the fact that the bank’s actual SMS says “Do not share this OTP for a transaction of ₹50,000.”

The Toll on Urban Professionals

The investigative breakdown reveals that the primary victims are tech-savvy urban professionals who frequently use credit cards.

  • The Impact: Individual losses often range from ₹50,000 to ₹3 lakh within seconds.
  • The Recovery Gap: Because the victim “voluntarily” entered their OTP on a third-party site, banks often contest the “fraud” status, making it incredibly difficult for victims to get a refund.

How to Protect Your Rewards

Experts featured in the video emphasize three non-negotiable rules for cardholders:

  1. Banks Never Send Redemption Links: No legitimate bank will ever send a direct link via SMS to “convert points to cash.” Points must always be redeemed via the official NetBanking portal or Mobile App.
  2. The “URL Check”: Always inspect the website address. Scammers use subtle misspellings like www.hdfc-points-reward.com instead of the official bank domain.
  3. Read the WHOLE OTP: Never enter an OTP without reading the full message. If the message mentions a “transaction amount” or “merchant name” while you are trying to “claim points,” it is a scam.

Bottom Line

In the world of digital banking, “free money” is the most expensive bait. The video serves as a stark reminder: Reward points are a bonus, not an emergency. If a message tells you to “hurry or lose,” you are likely seconds away from being robbed.

Leave a Reply

Your email address will not be published.