Fake DigiYatra Apps Target Indian Users to Steal Financial Data

Threat actors have been exploiting the trust in India’s digital public infrastructure by setting up a deceptive phishing site, digiyatra[.]in, impersonating the DigiYatra Foundation.

This fraudulent website, still live at the time of reporting, is being used to harvest personal user data by presenting itself as an official service for air travelers.

Data Harvesting

The site’s design subtly mimics a legitimate flight booking portal, featuring a flight search box and user forms requesting personal information such as name, phone number, and email.

[Figure: the flight search box on the phishing site]

However, no actual bookings are made, and the interface is solely crafted for data harvesting.

This misleading design has been flagged by ThreatWatch360’s Early Warning Threat Detection program, which continuously monitors domain registrations associated with public sector digital brands like DigiYatra.

Upon further investigation, the team discovered that the site utilizes a free SSL certificate from Let’s Encrypt, enhancing the facade of legitimacy.

[Figure: the site's free Let's Encrypt SSL certificate]

The domain was registered under the name Ali Sajil from Kerala, India, and despite its deceptive nature, it remains accessible through both its domain name and direct IP address (167[.]172[.]151[.]164).

Risk Assessment

The existence of this phishing site poses multiple threats including, but not limited to, unauthorized data collection, public deception, and potential reputational damage to the DigiYatra initiative.

The real danger lies in its ability to deceive users: the domain carries the DigiYatra name, and the HTTPS padlock lends it an appearance of security.

In response, ThreatWatch360 has escalated the matter to CERT-In and initiated a takedown request with the domain registrar.

Alerts have been shared with clients involved in brand protection, and monitoring for similar fraudulent attempts continues.

Additionally, advice has been given to block the domain and its IP at the DNS level to prevent further abuse.
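The advice above is to block the domain and its IP at the DNS level. As an added example (not part of the report or of ThreatWatch360's tooling), the following Python script turns the indicators the article publishes, kept defanged in the source, into a BIND Response Policy Zone that a resolver can load. The zone name and SOA values are placeholders.

```python
"""Build a BIND Response Policy Zone (RPZ) from defanged indicators.

Added example, not from the report: emits zone text that makes the listed
domains (and their subdomains) resolve to NXDOMAIN and blocks any answer
that contains the listed IPv4 addresses. Zone name and SOA are placeholders.
"""
import ipaddress

ZONE = "rpz.example.local."  # placeholder zone name, adjust to your resolver

# Indicators as published in the article (defanged on purpose).
PHISHING_DOMAINS = ["digiyatra[.]in"]
PHISHING_IPS = ["167[.]172[.]151[.]164"]


def refang(indicator: str) -> str:
    """'digiyatra[.]in' -> 'digiyatra.in'; 'hxxps://' -> 'https://'."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def rpz_ip_trigger(cidr: str) -> str:
    """Owner name of an RPZ response-IP trigger: prefix length first, then the
    address octets in reverse order, under the rpz-ip label (IPv4 only)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("this helper only builds IPv4 rpz-ip triggers")
    octets = str(net.network_address).split(".")
    return f"{net.prefixlen}." + ".".join(reversed(octets)) + ".rpz-ip"


def build_rpz_zone(domains, ips, zone=ZONE) -> str:
    """Return RPZ zone-file text. 'CNAME .' is the RPZ action for NXDOMAIN."""
    lines = [
        f"$ORIGIN {zone}",
        "$TTL 300",
        # placeholder SOA: bump the serial (1) whenever the zone changes
        f"@ IN SOA localhost. hostmaster.{zone} 1 3600 900 604800 300",
        "@ IN NS localhost.",
    ]
    for raw in domains:
        name = refang(raw).lower().rstrip(".")
        lines.append(f"{name} CNAME .")    # the exact name
        lines.append(f"*.{name} CNAME .")  # every subdomain of it
    for raw in ips:
        cidr = refang(raw)
        if "/" not in cidr:
            cidr += "/32"                  # single host
        lines.append(f"{rpz_ip_trigger(cidr)} CNAME .")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_rpz_zone(PHISHING_DOMAINS, PHISHING_IPS), end="")
```

The rpz-ip record blocks any answer that resolves to the listed address, so it also catches further domains the same host is later pointed at; the domain records cover the name even if the site moves to a new IP.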

This incident underscores the importance of vigilance against cyber threats, particularly those targeting trusted governmental initiatives.

Users are advised to exclusively interact with the official DigiYatra Foundation website (hxxps://www[.]digiyatrafoundation[.]com) and be wary of similar-sounding or looking websites, even if they appear secure through HTTPS.

According to the report, organizations providing public-facing digital services are encouraged to adopt proactive strategies for brand protection and impersonation detection.

In today’s landscape, where attackers frequently exploit official-sounding names and trusted branding, reactive measures are no longer sufficient.

Companies should engage in continuous monitoring of domain abuse, real-time phishing detection, executive misrepresentation monitoring, and efficient coordination with registrars for site takedowns.
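The registration monitoring described earlier (ThreatWatch360's program watching domain registrations tied to public sector brands) and the continuous domain-abuse monitoring recommended here both come down to screening newly registered names against a protected keyword. The script below is an added example of that check, not ThreatWatch360's tooling; its feed is constructed sample data (only digiyatra.in is a name the article reports), and its allowlist holds only the official domain the article names.

```python
"""Lookalike-domain screening for a protected brand keyword.

Added example, not ThreatWatch360's tooling: flags newly registered names
that embed the brand keyword or sit within a small edit distance of it.
"""
from __future__ import annotations

BRAND = "digiyatra"
ALLOWLIST = {"digiyatrafoundation.com"}  # official site per the article

# Small homoglyph map applied before comparison (assumption: a real deployment
# would use a full confusables table such as Unicode TR39).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a"})

# Constructed sample feed of "newly registered" names.
SAMPLE_FEED = [
    "digiyatra.in",             # reported by the article
    "digiyatrafoundation.com",  # official, allowlisted
    "digiyatra-booking.com",    # brand keyword embedded
    "d1giyatra.net",            # digit-for-letter swap
    "digiyatara.in",            # typo squat
    "digiy\u0430tra.com",       # Cyrillic 'a' homoglyph
    "flightdeals.example",      # unrelated
]


def registrable_label(domain: str) -> str:
    """Second-level label of a domain. Naive split on '.', so multi-label
    suffixes such as co.in are not handled; use the Public Suffix List in
    production."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    if label.startswith("xn--"):  # punycode-encoded IDN label
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance; cheap enough for short labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brand: str = BRAND, max_distance: int = 2) -> str:
    """Return one of: allowlisted, keyword-match, lookalike, clean."""
    domain = domain.lower().rstrip(".")
    if domain in ALLOWLIST:
        return "allowlisted"
    label = registrable_label(domain).translate(HOMOGLYPHS)
    if brand in label:
        return "keyword-match"   # brand string present, e.g. on another TLD
    if levenshtein(label, brand) <= max_distance:
        return "lookalike"       # typo or character-swap squat
    return "clean"


def screen(feed: list[str]) -> list[tuple[str, str]]:
    """Domains that need analyst attention, paired with their verdict."""
    flagged = []
    for domain in feed:
        verdict = classify(domain)
        if verdict not in ("allowlisted", "clean"):
            flagged.append((domain, verdict))
    return flagged


if __name__ == "__main__":
    for domain, verdict in screen(SAMPLE_FEED):
        print(f"{verdict:14} {domain}")
```

A hit is a lead, not a verdict: the next step is to fetch the site (from an isolated host), compare it with the official one, and raise a registrar takedown or a DNS block as the article describes.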

The ongoing vigilance by entities like ThreatWatch360 is crucial in defending the integrity of digital public infrastructure.
