In 2006, the government approved the Common Services Centres scheme to promote e-governance. The Common Services Centres provide high quality and cost-effective video, voice and data content and services in the areas of agriculture, health, education and training, banking and insurance among others in rural and remote areas of the country.

In 2015, the scheme was made an integral part of Prime Minister Narendra Modi’s Digital India campaign. And soon, CSC 2.0 was launched, expanding the programme’s outreach to all 2.5 lakh gram panchayats in the country.

The links provided in this website (screenshot below) give all the necessary information about the scheme. The only problem is that this is a fake website that is currently under scrutiny, said a cyber security consultant working with the government’s Computer Emergency Response Team.

This, on the other hand, is the homepage of the original website.

Fake websites and job scams

For years, such fake websites have been used to scam and cheat people out of lakhs of rupees, mostly on the pretext of getting them government jobs. One of the first such cases to come to light was the Railway Recruitment Board Scam unveiled by the Uttar Pradesh Police in October 2014, according to the cyber security consultant, who did not want to be identified. He said the people behind the scam created a fake railway website, www.irrbpl.org, replicating and even hyperlinking the genuine one, www.rrbbpl.nic.in. The fake website invited applications for job vacancies in the Indian Railways and cheated around 10,000 candidates by charging them registration and processing fees.

In January 2015, the Delhi Police busted another scam that had baffled the government. A Kolkata-based person was arrested for cheating people from across the country out of lakhs of rupees through a fake website, www.pmay-gov.in, of the Pradhan Mantri Adarsh Gram Yojana (a village development scheme), a senior Delhi Police official said. The cyber security consultant said the success of the scam was attributed to the presence of the term gov in the web address, adding, “This later turned into a popular scam trick, followed in several scams with similar modus operandi.”

Even the fake Common Services Centres website had gov in its domain.

Domain names and cyber security

To understand such scams, it is important to understand the breakdown of an internet domain. Take for example the domain www.google.co.in. Elements in a domain are separated by dots. They can further be classified as domain name (google), sub-domain (www) and domain extensions or top-level domains (.co and .in).

A domain extension such as .gov is restricted to constituents of the Indian government at various levels, right from the Centre and the states and Union territories to districts and sub-districts. The National Informatics Centre is the exclusive registrar for the domain extensions .gov.in. Hence, it can give credibility to any uniform resource locator or URL, senior government officials said.

According to the cyber security expert, “Not every internet user is sufficiently tech savvy to understand the domain trick. Most of them fail to take note of the fact that most scamsters use gov in the domain name [with the help of a hyphen] while it is supposed to be a domain extension [separated by a dot]. And having gov in the domain name does not give any credibility to the website.”

The -gov trick was used in the fake Pradhan Mantri Adarsh Gram Yojana website and many other scams. It is present in the URL of the fake Common Services Centres website too.

“So, it is very important to have a government registry for all domain names generated from India,” the cyber security consultant said.

Currently, a 15-member panel appointed by the government to recommend amendments to the Information Technology Act, 2000 – the country’s primary law dealing with cybercrime – and bring cyber security under its ambit is deliberating on the prospect of a government registry for all domain names generated in India. Other than government officials, the panel consists of bankers and cyber security experts. The proposal for a registry for domain names was tabled at its meeting in October.

“Having a government registry for domains and recording basic details about the individuals procuring those domains can help investigation of crimes to a great extent,” said a member of the panel. “It is a proposal which the panel members are still deliberating on. The process of control on domain names is not supposed to end with the registry. It is also supposed to include scrutiny and periodic verification of domain names in order to regularly identify the dubious ones.”

He recommended close coordination between government agencies, private internet domain registrars and web hosting companies.