#FactCheck: Fake Claim on Delhi Authority Culling Dogs After Supreme Court Stray Dog Ban Directive 11 Aug 2025

Introduction

In the evolving landscape of cybercrime, attackers are not only becoming more sophisticated in their approach but also more adept in their infrastructure. The Indian Cybercrime Coordination Centre (I4C) has issued a warning about the use of ‘disposable domains’ by cybercriminals. These are short-lived websites designed tomimic legitimate platforms, deceive users, and then disappear quickly to avoid detection and legal repercussions.

Although they may appear harmless at first glance, disposable domains form the backbone of countless online scams, phishing campaigns, malware distributionschemes, and disinformation networks. Cybercriminals use them to host fake websites, distribute malicious files, send deceptive emails, and mislead unsuspecting users, all while evading detection and takedown efforts.

As India’s digital economy grows and more citizens, businesses, and public services move online, it is crucial to understand this hidden layer of cybercrime infrastructure.Greater awareness among individuals, enterprises, and policymakers is essential to strengthen defences against fraud, protect users from harm, and build trust in thedigital ecosystem

What Are Disposable Domains?

A disposable domain is a website domain that is registered to be used temporarily, usually for hours or days, typically to evade detection or accountability.

These domains are inexpensive, easy to obtain, and can be set up with minimal information. They are often bought in bulk through domain registrars that do not strictly verify ownership information, sometimes using stolen credit cards or cryptocurrencies to remain anonymous. They differ from legitimate temporary domains used for testing or development in one significant aspect, which is ‘purpose’. Cybercriminals use disposable domains to carry out malicious activities such as phishing, sextortion, malware distribution, fake e-commerce sites, spam email campaigns, and disinformation operations.

How Cybercriminals Utilise Disposable Domains

1. Phishing & Credential Stealing: Attackers tend to register lookalike domains that are similar to legitimate websites (e.g., go0gle-login[.]com or sbi-verification[.]online) and trick victims into entering their login credentials. These domains will be active only long enough to deceive, and then they will disappear.

2. Malware Distribution: Disposable domains are widely used for ransomware and spyware operations for hosting malicious files. Because the domains are temporary, threat intelligence systems tend to notice them too late.

3. Fake E-Commerce & Investment Scams: Cyber crooks clone legitimate e-commerce or investment sites, place ad campaigns, and trick victims into "purchasing" goods or investing in scams. The domain vanishes when the scam runs out.

4. Spam and Botnets: Disposable domains assist in botnet command-and-control activities. They make it more difficult for defenders to block static IPs or trace the attacker's infrastructure.

5. Disinformation and Influence Campaigns: State-sponsored actors and coordinated troll networks use disposable domains to host fabricated news articles, fake government documents, and manipulated videos. When these sites are detected and taken down, they are quickly replaced with new domains, allowing the disinformation cycle to continue uninterrupted.

Why Are They Hard to Stop?

Registering a domain is inexpensive and quick, often requiring no more than an email address and payment. The difficulty is the easy domain registrations and the absence of worldwide enforcement. Domain registrars differ in enforcing Know-Your-Customer (KYC) standards stringently. ICANN (Internet Corporation for Assigned Names and Numbers) has certain regulations in place but enforcement is inconsistent. ICANN does require registrars to maintain accurate Who is information (the “Registrant Data Accuracy Policy”) and to act on abuse complaints. However, ICANN is not an enforcement agency. It oversees contracts with registrars but cannot directly police every registration. Cybercriminals exploit services such as:

• Privacy protection shields that conceal actual WHOIS information.
• Bulletproof hosting that evades takedown notices.
• Fast-flux DNS methods to rapidly alter IP addresses

Additionally, utilisation of IDNs ( Internationalised Domain Names) and homoglyph attacks enables the attackers to register visually similar domains to legitimate ones (e.g., using Cyrillic characters to represent Latin ones).

Real-World Example: India and the Rise of Fake Investment Sites

India has witnessed a wave of monetary scams that are connected with disposable domains. Over hundreds of false websites impersonating government loan schemes, banks or investment websites, and crypto-exchanges were found on disposable domains such as gov-loans-apply[.]xyz, indiabonds-secure[.]top, or rbi-invest[.]store. Most of them placed paid advertisements on sites such as Facebook or Google and harvested user information and payments, only to vanish in 48–72 hours. Victims had no avenue of proper recourse, and the authorities were left with a digital ghost trail.

How Disposable Domains Undermine Cybersecurity

• Bypass Blacklists: Dynamic domains constantly shifting evade static blacklists.
• Delay Attribution: Time is wasted pursuing non-existent owners or takedowns.
• Mass Targeting: One actor can register thousands of domains and attack at scale.
• Undermine Trust: Frequent users become targets when genuine sites are duplicated and it looks realistic.

Recommendations Addressing Legal and Policy Gaps in India

1. There is a need to establish a formal coordination mechanism between domain registrars and national CERTs such as CERT-In to enable effective communication and timely response to domain-based threats.

2. There is a need to strengthen the investigative and enforcement capabilities of law enforcement agencies through dedicated resources, training, and technical support to effectively tackle domain-based scams.

3. There is a need to leverage the provisions of the Digital Personal Data Protection Act, 2023 to take action against phishing websites and malicious domains that collect personal data without consent.

4. There is a need to draft and implement specific regulations or guidelines to address the misuse of digital infrastructure, particularly disposable and fraudulent domains, and close existing regulatory gaps.

What Can Be Done: CyberPeace View

1. Stronger KYC for Domain Registrations: Registrars selling domains to Indian users or based in India should conduct verified KYC processes, with legal repercussions for carelessness.

2. Real-Time Domain Blacklists: CERT-In, along with ISPs and hosting companies, should operate and enforce a real-time blacklist of scam domains known.

3. Public Reporting Tools: Observers or victims should be capable of reporting suspicious domains through an easy interface (tied to cybercrime.gov.in).

4. Collaboration with Tech Platforms: Social media services and online ad platforms should filter out ads associated with disposable or spurious domains and report abuse data to CERT-In.

5. User Awareness: Netizens should be educated to check URLs thoroughly, not click on unsolicited links and they must verify the authenticity of websites.

Conclusion

Disposable domains have silently become the foundation of contemporary cybercrime. They are inexpensive, highly anonymous, and short-lived, which makes them a darling weapon for cybercriminals ranging from solo spammers to nation-state operators. In an increasingly connected Indian society where the penetration rate of internet users is high, this poses an expanding threat to economic security, public confidence, and national resilience. Combating this problem will need a combination of technical defences, policy changes, public-private alliances, and end-user sensitisation. As India develops a Cyber Secure Bharat, monitoring and addressing disposable domain abuse must be the utmost concern.

References

• https://www.bitcot.com/disposable-domains
• https://atdata.com/blog/evolution-of-email-fraud-rise-of-hyper-disposable-domains/
• https://www.cyfirma.com/research/scamonomics-the-dark-side-of-stock-crypto-investments-in-india/
• https://knowledgebase.constantcontact.com/lead-gen-crm/articles/KnowledgeBase/50330-Understanding-Blocked-Forbidden-and-Disposable-Domains?lang=en_US
• https://www.meity.gov.in/
• https://intel471.com/blog/bulletproof-hosting-fast-flux-dns-double-flux-vps

‍

‍

Introduction

With the ever-growing technology where cyber-crimes are increasing, a new cyber-attack is on the rise, but it’s not in your inbox or your computer- it's targeting your phone, especially your smartphone. Cybercriminals are expanding their reach in India, with a new text-messaging fraud targeting individuals. The Indian Computer Emergency Response Team (CERT-In) has warned against "smishing," or SMS phishing. 

Understanding Smishing

Smishing is a combination of the terms "SMS" and "phishing." It entails sending false text messages that appear to be from reputable sources such as banks, government organizations, or well-known companies. These communications frequently generate a feeling of urgency in their readers, prompting them to click on harmful links, expose personal information, or conduct financial transactions.

When hackers "phish," they send out phony emails in the hopes of tricking the receiver into clicking on a dangerous link. Smishing is just the use of text messaging rather than email. In essence, these hackers are out to steal your personal information to commit fraud or other cybercrimes. This generally entails stealing money – usually your own, but occasionally also the money of your firm.

The cybercriminals typically use these tactics to lure victims and steal the information.

Malware- The cyber crooks send the smishing URL link that might tick you into downloading malicious software on your phone itself. This SMS malware may appear as legitimate software, deceiving you into putting in sensitive information and transmitting it to crooks.

Malicious website- The URL in the smishing message may direct you to a bogus website that seeks sensitive personal information. Cybercriminals employ custom-made rogue sites meant to seem like legitimate ones, making it simpler to steal your information.

Smishing text messages often appear to be from your bank, asking you to share personal sensitive information, ATM numbers, or account details. Mobile device cybercrime is increasing, as is mobile device usage. Aside from the fact that texting is the most prevalent usage of cell phones, a few additional aspects make this an especially pernicious security issue. Let's go over how smishing attacks operate.

Modus Operandi

The cyber crooks commit the fraud via SMS. As attackers assume an identity that might be of someone trusted, Smishing attackers can use social engineering techniques to sway a victim's decision-making. Three things are causing this deception:

• Trust- Cyber crooks target individuals, by posing to someone from a legitimate individual and organization, this naturally lowers a person’s defense against threats. 

• Context- Using a circumstance that might be relevant to targets helps an attacker to create an effective disguise. The message feels personalized, which helps it overcome any assumption that it is spam.
• Emotion- The nature of the SMS is critical; it makes the victim think that is urgent and requires rapid action. Using these tactics, attackers craft communications that compel the receiver to act.
• Typically, attackers want the victim to click on a URL link within the text message, which takes them to a phishing tool that asks them for sensitive information. This phishing tool is frequently in the form of a website or app that also assumes a phony identity.

How does Smishing Spread?

As we have revealed earlier smishing attacks are delivered through both traditional texts. However, SMS phishing attacks primarily appear to be from known sources People are less careful while they are on their phones. Many people believe that their cell phones are more secure than their desktops. However, smartphone security has limits and cannot always guard against smishing directly.

Considering the fact phones are the target While Android smartphones dominate the market and are a perfect target for malware text messages, iOS devices are as vulnerable. Although Apple's iOS mobile technology has a high reputation for security, no mobile operating system can protect you from phishing-style assaults on its own. A false feeling of security, regardless of platform, might leave users especially exposed.

Kinds of smishing attacks

Some common types of smishing attacks that occurred are;

•  COVID-19 Smishing: The Better Business Bureau observed an increase in reports of US government impersonators sending text messages requesting consumers to take an obligatory COVID-19 test via a connected website in April 2020. The concept of these smishing assaults may readily develop, as feeding on pandemic concerns is a successful technique of victimizing the public.

• Gift Smishing: Give away, shopping rewards, or any number of other free offers, this kind of smishing includes free services or products, from a reputable or other company. attackers plan in such a way that the offer is for a limited time or is an exclusive offer and the offers are so lucrative that one gets excited and falls into the trap. 

CERT Guidelines

 CERT-In shared some steps to avoid falling victim to smishing. 

• Never click on any suspicious link in SMS/social media charts or posts.
• Use online resources to validate shortened URLs.
• Always check the link before clicking.
• Use updated antivirus and antimalware tools.
• If you receive any suspicious message pretending to be from a bank or institution, immediately contact the bank or institution.
• Use a separate email account for personal online transactions.
• Enforce multi-factor authentication (MFA) for emails and bank accounts.
• Keep your operating system and software updated with the latest patches.

Conclusion

Smishing uses fraudulent mobile text messages to trick people into downloading malware, sharing sensitive data, or paying cybercriminals money. With the latest technological developments, it has become really important to stay vigilant in the digital era not only protecting your computers but safeguarding the devices that fit in the palm of your hand, CERT warning plays a vital role in this. Awareness and best practices play a pivotal role in safeguarding yourself from evolving threats.

Reference

• https://www.ndtv.com/india-news/government-warns-of-smishing-attacks-heres-how-to-stay-safe-4709458
• https://zeenews.india.com/technology/govt-warns-citizens-about-smishing-scam-how-to-protect-against-this-online-threat-2654285.html
• https://www.the420.in/protect-against-smishing-scams-cert-in-advice-online-safety/

Introduction

The Ministry of Electronics and Information Technology ( MeitY) through its Information Security Education & Awareness ( ISEA ) came up with an advisory regarding the growing cases of e-challan fraud. Cybercriminals are exploiting the beliefs of individuals by attracting them into clicking malicious links under the impression of paying traffic fines. Cybercriminals employ sending phishing messages and impersonating official e-challan notifications as a primary method. These messages are crafted in such a way that portrays a sense of urgency, provoking individuals to click on a link for spontaneous payment. For building trust, the messages are deviously created by scammers depicting official communication, which in actuality are fake messages targeting individuals for committing online financial fraud.

Unveiling the E-Challan Scam

Scammers send a text message to your phones that closely resembles e-challan alerts. The text appears from the traffic police, informing the netizens of a traffic violation that requires a fine payment. These messages contain a link and a text message urging the recipient to settle the fine by clicking on the links to make the payment.  Scammers have started trapping innocent individuals through such fake messages. These scammers are creating and sending fake messages that look like traffic challan alert messages. However, it is a completely deceptive and fake message. Such messages contain malicious links to fake website, leading users to visit the fake website and enter their bank account details, or make the payment which ultimately leads to financial loss to victims. Cyber scammers have meticulously copied the format used by the traffic authorities however a close examination can help us spot the trap. The modus operandi of such type of scam is to get the targeted individuals to click on a malicious link for payment of traffic e-challan. Once you click on such malicious payment link to pay for the e-challan the individuals unknowingly will end up paying the cyber criminals instead of the police in a bid to discharge the traffic e-challan.

How to spot a fake E-Challan?

• Verify the Vehicle Number: Make sure that the vehicle number mentioned in the message matches your vehicle’s number. Cross-check this information with your vehicle’s number plate or the smart card ( blue book) issued by the Regional Transport Office ( RTO).
• Verify the E-challan Number: Verify the validity of the e-challan number by logging into the official traffic police website or app. Legitimate e-challans will have a corresponding record that can be cross-checked for authenticity. The challan number can be verified by logging in to the official e-challan website. It is always advisable to Visit the official government website to check if you have actually been fined.
• Inspect the Message Content: Give attention to the language inculcated in the message. Hackers' messages may contain grammatical errors or unusual phrases. For example, cybercriminals might encourage victims to visit the RTO office in person. Trying to build up confidence among the victims. Also, it is important that you do not make such payments in haste. Vehicle owners must check such messages carefully before clicking on any link.

Best Practices to Stay Safe

• Be aware of unbidden messages: Be cautious when you receive unsolicited e- challan notifications. Abstain yourself by clicking on links or downloading attachments from unknown sources. 
• Always stick to legitimate or official websites: The scammers use links which look similar to the official link, and a casual glance can miss the difference. Hence it is strictly advisable to visit the official websites only. Also do note that government websites will always have the domain '.gov.in'.  The official website of Traffic Challan is https://echallan.parivahan.gov.in/ 
• Get it cross-checked through official channels: Always cross-check the authenticity of an e-challan by directly accessing official channels, such as the official traffic police website or application. 
• Connect with the RTO directly: If in doubt, independently connect with the Regional Transport Office ( RTO) using official contact details to verify the authenticity of the e-challan.  It is best not to solely rely on information received from suspicious messages. 
• Software update: Make sure that your device’s security software is up to date to protect against malware and phishing scams.

Conclusion:

Cybercriminals are exploiting the fear of traffic fines to trick individuals into clicking on malicious links and revealing their personal and financial information. These scams can lead to significant financial losses for the victims. To stay safe, it is important to be cautious of unsolicited messages, verify the authenticity of e-challans through official channels, and avoid clicking on links or downloading attachments from unknown sources. Awareness is the first line of defence in the evolving landscape of online threats. 

References:

• https://economictimes.indiatimes.com/news/new-updates/ahmedabad-residents-duped-out-of-lakhs-in-e-challan-scam-cops-arrest-jharkhand-man/articleshow/103528317.cms
• https://economictimes.indiatimes.com/wealth/save/new-traffic-e-challan-fraud-heres-how-to-identify-scam-messages-and-avoid-getting-duped/articleshow/104960817.cms
• https://www.ndtv.com/india-news/explained-the-new-e-challan-scam-how-we-can-escape-it-4342129

‍