In a shocking revelation, several Indian government websites have been found redirecting users to scam and risky pages. This alarming issue raises serious questions about cybersecurity on official platforms meant to serve citizens. These compromised links could expose unsuspecting users to financial frauds and data theft.
How Scam Links Invaded Govt Websites
Indian government websites with the “.gov.in” domain, known for their credibility, have become a soft target for cybercriminals. These attackers plant malicious links by exploiting security loopholes, including vulnerabilities in content management systems (CMS) and outdated server configurations.
Recent findings revealed over 90 government domains hosting links to suspicious sites, such as online betting platforms and shady investment schemes. Affected portals include those of state departments, councils, and national organizations like the Indian Council of Agricultural Research and India Post.
Shockingly, these compromised links often rank on search engines like Google, making it easier for unsuspecting users to stumble upon them.
CERT-In’s Efforts
In May, India’s Computer Emergency Response Team (CERT-In) took action after a similar issue came to light. While some links were removed at the time, core vulnerabilities seem to persist. Cybersecurity experts emphasize that simply deleting malicious content is not enough; the underlying flaws need fixing.
Security researcher Bob Diachenko highlights, “If vulnerabilities remain unpatched, hackers can easily reintroduce the issue.” Resolving such flaws requires downtime and robust measures—efforts that appear to be lagging.
The Risks to Users Are Real
When users unknowingly click these scam links, they risk exposing their personal and financial information. Cybercriminals use such access to launch phishing attacks, install malware, or drain bank accounts.
For example:
- Phishing scams can steal sensitive login details.
- Malicious downloads could compromise devices.
- Financial losses might occur via fraudulent transactions.
What Can Be Done?
- For Government Agencies:
- Conduct regular security audits to identify vulnerabilities.
- Update CMS and server configurations to avoid exploitation.
- Implement stricter monitoring of uploaded content.
- For Citizens:
- Avoid clicking on links that appear suspicious, even if they are from government domains.
- Use reliable antivirus software and stay vigilant online.
- Report such issues to authorities like CERT-In.
The re-emergence of scam links on Indian government websites is a stark reminder of the pressing need for enhanced cybersecurity. While agencies like CERT-In are aware of the problem, swift and permanent action is crucial to protect citizens from falling prey to online fraud.
Join us on WhatsApp to get every update first, directly in your WhatsApp inbox. Keeping you informed is our responsibility. Connect with us on WhatsApp now!
