The issue was first reported last year

Indian government URLs are redirecting public to scam websites: Report 

By Mudit Dube

Jan 08, 2025

12:31 pm

---

What's the story

Several Indian government websites continue to unknowingly redirect users to fake online platforms, a report by TechCrunch has revealed.

The issue continues to exist despite being flagged by the same publication last year.

The investigation found over 90 "gov.in" website links belonging to different government departments and state governments that were redirecting users to sites associated with online betting and investment scams.

Affected departments

Scam links found on prominent government websites

The scam links were found on the official websites of several major government departments. These include the Indian Council of Agricultural Research and India Post, as well as state governments and councils of Haryana and Maharashtra, among others.

Search engines such as Google have indexed these fraudulent links hosted on government sites, thereby increasing the chances of regular internet users stumbling upon them.

Past incidents

Previous reports and government response

Back in May, TechCrunch reported that some 48 Indian government website links were redirecting users to online betting platforms.

After the report, India's cyber agency, the Computer Emergency Response Team (CERT-In), escalated the matter.

However, it is still not clear if the government has fixed the underlying vulnerability that scammers are exploiting to plant their links on these sites.

Ongoing problem

Hacked pages are widespread

The problem of fraudulent links on government websites has returned, as highlighted by Deedy Das of Menlo Ventures and others on social media platform X.

Security researcher Bob Diachenko told TechCrunch that this reoccurrence could stem from a compromise in the websites' content management system (CMS) or server configurations.

He stressed the need to tackle not just the symptoms but also the root cause to prevent future exploitations.

Agency action

CERT-In's response and current status

TechCrunch reached out to CERT-In with a list of affected links earlier this week.

While the agency did not respond to the email, the links started showing a "page not found" error around the time of publication.

This indicates that some action may have been taken to address these issues, but no official statement has been released by CERT-In as of now.