New Delhi — Over the past week, social media timelines across India were flooded with sensational posts claiming that playback singer Shreya Ghoshal had been caught in a career-ending controversy. The alleged “leak” sparked panic among fans and spread rapidly through viral tweets, WhatsApp forwards, and Facebook shares. But as it turns out, none of it was true.
The dramatic claims — including false headlines about hot mic moments, courtroom appearances, and public protests — were all part of an elaborate scam. According to cyber intelligence analyst Anmol Sharma, the so-called leak was actually a trap: a network of freshly registered scam websites disguised as news outlets, designed to lure unsuspecting users into clicking malicious links.
“It wasn’t a leak — it was a link,” Sharma wrote in a widely circulated LinkedIn post titled “Debunked: The Viral Shreya Ghoshal ‘Leak’ That Wasn’t.” Sharma, who specializes in online disinformation and scam detection, used open-source intelligence (OSINT) techniques to trace the campaign back to a series of suspicious domains like replaceyourselfupset.run, unpuckoverstatewest.mom, and faragonballz.com.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
“These websites were set up to look like credible news sources but were actually redirecting people to phishing pages and shady investment scams,” Sharma told reporters. “What looked like a celebrity scandal was a digital bait designed to exploit public curiosity and spread malware.”
The scam worked by mimicking real news branding, often copying the layout and fonts of trusted Indian newspapers. The headlines promised shocking revelations: “She didn’t realize the microphone was on,” “Fans advocate for Shreya Ghoshal’s release,” and “Too late to cry — what happened to Shreya?” Images accompanying the posts showed Ghoshal behind bars, in tears, or holding protest placards — all fabricated.
Upon closer analysis, Sharma discovered that the domains used in the campaign were all registered in recent weeks — a red flag in the cybersecurity world. They were linked to nameservers previously identified in phishing operations, and were hosted on infrastructure frequently used for distributing trojans and malware. One of the scam links led users to a site named Lovarionix Liquidity, which promised unbelievable returns on cryptocurrency investments. The site used stolen images, fake testimonials, and buzzwords to convince users to enter personal or financial details.
ALSO READ: “DFIR Capability Maturity Assessment Framework” by ALGORITHA
“The campaign was engineered for maximum emotional impact,” Sharma said. “It targeted both tech-savvy audiences on Twitter and older users on WhatsApp, using fear, urgency, and celebrity drama as bait.”
Beyond the technical details, the hoax raises important questions about how easily misinformation can spread in the age of social media. When fake stories mimic the language and look of legitimate journalism, even cautious users can be fooled. Sharma emphasized the need for digital hygiene and media literacy, especially in a country where mobile-first internet access often outpaces access to verified information.
He offered a few simple rules to avoid falling for similar traps: check if a story appears on credible news platforms, avoid clicking on sensational links with strange URLs, and talk to someone knowledgeable before sharing unverified content.
At the heart of the story is a reminder that disinformation isn’t just about politics or propaganda — it’s increasingly being used as a tool for financial crime. In this case, a fabricated narrative about a beloved singer was enough to lure thousands into a phishing network. Shreya Ghoshal, for her part, was never involved in any controversy. The headlines, the protests, the drama — all made up.
“The internet gives everyone a voice, but it also gives scammers a platform,” Sharma concluded. “If something sounds too shocking to be true, it probably is. Verify before you share.”