Akhil Bhartiya Cyber Suraksha Sangathan (Regd.)
Regd. with Registrar of Society of NCT Delhi-Regd. No-287
Protection from Cyber Criminals, Defence of Digital India
India's first cyber crime investigation NGO
Stay alert online, stay safe from cyber crime
www.abcss.org
AMIT MALHOTRA
(Cyber Crime Investigation Specialist)
Founder Akhil Bhartiya Cyber Suraksha Sangathan
18 years of experience in crime prevention, detection and investigation. Certified Ethical Hacker from EC-Council. Certified Cyber Crime Investigator from Asian School of Cyber Laws. Presently working in the area of cyber crime investigation.
// GENUINE WEBSITES (Official):
https://www.sbi.co.in → State Bank of India
https://www.amazon.in → Amazon India
https://incometax.gov.in → Income Tax India

// SQUATTED / FAKE WEBSITES (Dangerous — Created by Attackers):
https://www.sbI-onlIne.co.in ← Typosquatting (Capital I instead of l)
https://www.amaz0n.in ← Character Substitution (0 instead of o)
https://incometax-refund.com ← Combosquatting (Extra words added)
https://www.sbi.co.net ← TLD Squatting (Wrong extension .net)

// HOW TO STAY SAFE — ALWAYS CHECK THE URL BAR CAREFULLY:
✔ Look for the green padlock (HTTPS) — but do not trust it alone
✔ Carefully verify spelling and domain extension before entering any data
✔ Use browser bookmarks for important sites — do not type URLs manually
✔ Always verify the URL before entering any OTP, password, or bank details
⚠️ How Squatting Attacks Are Carried Out
- Registering fake domains that closely imitate real websites (e.g., sbi-bank.com)
- Exploiting typing mistakes — gogle.com, facebok.com, amaz0n.in, etc.
- Appending popular brand names with extra words — sbiloanoffer.com, hdfc-emi.net
- Using different TLDs (domain extensions) — .net or .org instead of the original .gov.in
- Unicode/Homograph attacks — using visually identical characters (Latin 'a' vs Cyrillic 'а')
- Registering a brand's domain immediately after it expires
- Creating 1:1 copies of government portals like Income Tax, Aadhaar, and EPFO
- Building fake e-commerce sites to steal payment details and OTPs
- Cybersquatting — registering a brand's domain to blackmail them or sell it back
- Uploading fake apps on mobile app stores using names similar to popular apps
✅ How to Protect Against Squatting Attacks
- Always carefully check the full URL in the address bar — both spelling and extension
- Bookmark important websites in your browser; do not type URLs manually every time
- Hover over links in emails or SMS to preview the real URL before clicking
- When registering your brand's domain, also register all common TLDs (.com .in .net .org)
- Use only official website links found via trusted sources — never click on sponsored ads
- Download mobile apps only from official stores (Google Play / Apple App Store)
- Access banking, Aadhaar, and Income Tax portals directly — never via links in messages
- Set up domain monitoring services to receive instant alerts about squatted domains
- Enable Two-Factor Authentication (2FA) to limit damage even if credentials are stolen
- File a WIPO UDRP complaint at wipo.int to recover a cybersquatted domain
Selecting the Target — Choosing Which Website to Imitate
The attacker selects a popular, high-traffic website — such as SBI Online Banking, IRCTC, the Income Tax e-Filing portal, Amazon, or any other widely used government or private portal. The more popular the website, the greater the number of users who may accidentally land on the fake site. Automated tools are used to analyse traffic data across thousands of websites.
Registering the Fake Domain
The attacker introduces a minor error in the original domain's spelling or uses a different extension — such as sbi-net-banking.com, irctc-booking.net, or incometax-refund.in. These domains are easily available in the market for as little as ₹500–₹1,000. Some attackers simply wait for a brand's domain to expire and register it immediately before the rightful owner can renew it.
Building a Perfect Replica of the Real Website
The attacker copies the original website's complete design — including the logo, colour scheme, layout, and language — to create a near-identical fake. In many cases, the actual source code is also copied. The fake site will feature a realistic login page, OTP verification screen, and even a payment gateway. The visitor has absolutely no way of knowing they are on a fraudulent site.
Driving Traffic — How Users End Up on the Fake Site
The attacker uses multiple methods to drive victims to the fake site — sending phishing emails with the fake link, circulating WhatsApp/SMS messages claiming "your account has been blocked" or "claim your refund," running Google Ads that lead to the fake site, or simply waiting for users to make a typing mistake. In many cases, these fake sites even appear in Google Search results.
Stealing Data or Money
When a user enters their username, password, OTP, Aadhaar number, credit/debit card details, or UPI PIN on the fake website, everything is sent directly to the attacker's server. Some sites also silently install malware or keyloggers on the victim's device. The attacker then uses these stolen credentials to transfer funds from the real bank account, commit identity theft, or sell the data on the dark web.
Cybersquatting — Blackmailing the Brand or Selling the Domain
In cybersquatting, the attacker registers the brand's domain solely to sell it back to the company at a highly inflated price, or to threaten to damage the brand's reputation. Many small businesses and startups are unaware that their domain name has been registered by someone else — until the moment they urgently need it and find it unavailable in the market.
Typosquatting (URL Hijacking)
The most common type of squatting attack. The attacker introduces a single small error in the original domain's spelling — such as gooogle.com, amaz0n.in, or sbiionline.com. Users who make a typing mistake while entering a URL are redirected directly to this fraudulent site. Automated programs are used to register thousands of spelling variations simultaneously.
Cybersquatting (Domain Squatting)
The attacker registers the domain name of a company, celebrity, or brand in advance with the intention of selling it back to the rightful owner at an inflated price, or to siphon traffic from the genuine site. This practice commonly targets upcoming startups, newly elected politicians, and upcoming films or products whose domain names have not yet been registered.
Combosquatting
A common word or phrase is added to a well-known brand's name — such as sbi-loan.com, hdfc-emi-offer.in, or irctc-booking-now.com. These domains appear legitimate because they contain the real brand's name. They are widely used in phishing campaigns, as victims trust the URL when they see a familiar brand name within it.
TLD Squatting (Extension Squatting)
The attacker uses the exact spelling of the original domain but with a different top-level domain (TLD) extension — such as incometax.com (instead of the real incometax.gov.in) or sbi.net (instead of sbi.co.in). Many users do not pay attention to the domain extension and fall victim to this form of fraud.
Homograph / IDN Squatting (Unicode Attack)
Visually identical Unicode characters are used — such as the Cyrillic letter 'а' (which looks exactly like the Latin 'a') or a capital 'I' in place of a lowercase 'l'. These domain names appear absolutely identical to the original in the browser's address bar but are technically different domains. This is one of the most sophisticated and dangerous squatting techniques.
App Store Squatting
Fake applications are uploaded to the Google Play Store or Apple App Store using names nearly identical to popular apps — such as "SBI Mobi le Banking" or "IRCTC Rail Connect Pro." These apps steal sensitive data by requesting excessive permissions or intercept banking OTPs. In some cases, fake apps even appear above the genuine app in search results.
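The domain-based squatting types described above can be checked mechanically when reviewing a suspicious link or watching newly registered domains. The following Python code is an added example, not part of the original page: it compares a URL's host against the three official domains the page lists. The confusable-character table, the edit-distance limits and the first-label heuristic are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Official domains named on this page, as brand label -> registered suffix.
OFFICIAL = {"sbi": "co.in", "amazon": "in", "incometax": "gov.in"}
# Look-alike characters folded before comparison (constructed, not exhaustive):
# digits 0/1 and Cyrillic a/o/e that render like Latin letters.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "\u0430": "a",
                            "\u043e": "o", "\u0435": "e"})

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Label a URL with the squatting type it resembles, or 'genuine'/'unrelated'."""
    host = urlsplit(url).hostname or ""   # hostname is already lower-cased
    if host.startswith("www."):
        host = host[4:]
    for brand, suffix in OFFICIAL.items():
        real = f"{brand}.{suffix}"
        if host == real or host.endswith("." + real):
            return "genuine"
    # Assumption: the first label is the name being imitated; a production
    # check would use the Public Suffix List to find the registered domain.
    name, _, _ = host.partition(".")
    folded = name.translate(CONFUSABLE)
    if folded != name and folded in OFFICIAL:
        return "character substitution" if name.isascii() else "homograph"
    if name in OFFICIAL:
        return "tld squatting"            # right name, wrong extension
    for brand in OFFICIAL:
        limit = 1 if len(brand) <= 4 else 2
        if edit_distance(name, brand) <= limit:
            return "typosquatting"
    if any(brand in name for brand in OFFICIAL):
        return "combosquatting"           # brand plus extra words
    return "unrelated"

if __name__ == "__main__":
    for u in ("https://www.sbi.co.in", "https://www.amaz0n.in",
              "https://incometax-refund.com", "https://www.sbi.co.net",
              "https://\u0430mazon.in", "https://amazn.in"):
        print(f"{classify(u):24} {u!a}")
```

Because the brand match is a plain substring test, short names such as "sbi" will also flag unrelated domains that happen to contain those letters, so results are candidates for human review rather than verdicts.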
🚨 IF YOUR WEBSITE OR DOMAIN HAS BEEN COMPROMISED — DO THIS IMMEDIATELY
- Call your bank immediately and request an account block if you have entered financial details on a fake website
- Change your internet banking password, email password, and UPI PIN without any delay
- Note down the full URL, take a screenshot, and record every available detail of the fake website — this is critical legal evidence
- Call Cyber Crime Helpline 1930 and provide complete details of the incident
- File an online complaint at cybercrime.gov.in with all available evidence
- If your own brand or domain has been squatted, file a complaint with WIPO UDRP (wipo.int/amc/en/domains) or the .IN Registry immediately
- Visit the nearest Cyber Crime Cell or police station to register an FIR
- Alert your contacts so that they too are warned against the fake website
- If your company's domain has been squatted, immediately seek advice from a cybersecurity lawyer
- Enable Two-Factor Authentication (2FA) on all your accounts without delay
📞 CONTACT IMMEDIATELY — HELPLINE NUMBERS
IT Act Section 66: Dishonestly or fraudulently committing any act under Section 43 — such as creating a fake website to steal data or money — imprisonment up to 3 years and/or fine up to ₹5 lakh.
IT Act Section 66C: Using stolen user credentials, passwords, or digital identity obtained through a squatting attack — imprisonment up to 3 years and fine up to ₹1 lakh. This is the primary section applicable to identity theft arising from squatting attacks.
IT Act Section 66D: Cheating by impersonation using a computer resource or communication device — i.e., using a fake website to deceive users by impersonating a legitimate organisation — imprisonment up to 3 years and fine up to ₹1 lakh. This section is the most directly applicable to squatting attacks.
BNS Section 318 (Old IPC 420) — Cheating: Deceiving users through a fake website to obtain money or data — imprisonment up to 7 years and fine. This section applies when the squatting attack is carried out with the intent of financial fraud.
BNS Section 319 (Old IPC 464) — Making False Documents: Copying any official or government website or creating a fake digital identity — imprisonment up to 2 years and/or fine. This is a serious charge applicable to fake replicas of government portals.
Trade Marks Act 1999 — Section 29 (Trademark Infringement): Registering the domain name of a registered trademark without authorisation is both a civil and criminal offence. The affected company has the right to seek an injunction and damages through court. A domain can also be recovered through the WIPO UDRP (Uniform Domain-Name Dispute-Resolution Policy) process.
Digital Personal Data Protection (DPDP) Act 2023: Organisations that collect and process personal data are legally obligated to implement reasonable security safeguards. Organisations may face heavy financial penalties for a data breach caused by a squatting attack. Failure to notify affected users and authorities of a breach constitutes an additional offence under this Act.





