How Scammers Exploited a Trusted Name to Steal Personal Data — And What It Means for Digital India
A dangerous phishing campaign has been uncovered, targeting unsuspecting Indian citizens by impersonating the official DigiYatra Foundation. DigiYatra is a well-known government-backed initiative designed to streamline airport processes through digital ID and facial recognition technology. But cyber threat actors created a lookalike website — digiyatra[.]in — to trick users into surrendering sensitive personal data under the false pretense of booking flight tickets.
ThreatWatch360, a cybersecurity firm with a robust Early Warning Threat Detection system, played a crucial role in identifying the scam. By monitoring domain names related to public-sector initiatives, their system flagged this malicious site for investigation. Although the interface mirrored DigiYatra’s branding, its backend activity was focused entirely on data theft. Behind the scenes, no real booking services were offered. Instead, it was a sophisticated trap to collect users’ names, emails, and phone numbers.
The domain was registered in Kerala and active since July 2022, with operations scheduled to continue through mid-2025. Even more alarmingly, the site used a legitimate-looking SSL certificate from Let’s Encrypt, fooling users into believing the connection was secure.
ThreatWatch360 issued alerts to their clients and government partners, triggering takedown efforts and DNS-level blocking. This case highlights how malicious actors can weaponize public trust in government platforms, endangering both personal privacy and national cybersecurity. Citizens are now urged to access DigiYatra services only through the official domain: www.digiyatrafoundation.com.
What Undercode Says:
The phishing site uncovered in this report is a prime example of why cybersecurity must evolve alongside digital innovation. As India pushes forward with ambitious public-tech initiatives like DigiYatra, it inadvertently creates high-value targets for cybercriminals.
Let’s unpack the core tactics used in this case. The fraudulent site employed domain spoofing, a popular phishing technique in which attackers register domain names that closely resemble legitimate ones. In this instance, “digiyatra[.]in” seems official at a glance but was never authorized by the DigiYatra Foundation. This tactic thrives on human error: specifically, trust in familiar names and the illusion of safety created by an HTTPS connection.
The site also relied heavily on social engineering. By mimicking a flight booking portal, it manipulated users into entering personal information. And thanks to the presence of an SSL certificate, most users would never suspect they were under attack. It’s a chilling reminder that HTTPS doesn’t guarantee legitimacy — it only encrypts the connection, not the ethics of the website.
What makes this attack particularly dangerous is its psychological precision. Government-backed apps naturally earn public trust. When attackers hijack that trust, they not only compromise data, but erode confidence in all digital public services. This has long-term repercussions: decreased adoption, digital hesitancy, and a widening of the digital divide.
From a technical standpoint, ThreatWatch360’s proactive surveillance and real-time alerts are commendable. But these should be standard across all public digital infrastructures. The use of AI-powered domain monitoring and automated threat detection is no longer optional — it’s essential.
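The following is an added example, not ThreatWatch360's system and not code from the original report. It shows one way a brand-domain monitor can triage observed hosts: only the official domain and its true subdomains are trusted, and any other host carrying the digiyatra label or a close typo of it is flagged. The `.example` hosts in the feed and the edit-distance threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"digiyatrafoundation.com"}  # official domain named in the article
BRAND = "digiyatra"                             # brand label to watch for
MAX_TYPO_DISTANCE = 2                           # assumed threshold for typo variants

def host_of(value):
    """Extract the lowercase hostname from a URL or a bare (possibly defanged) domain."""
    value = value.strip().replace("[.]", ".")
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare domain as the network location
    try:
        return (urlsplit(value).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_official(host):
    """Exact match or true subdomain only; a substring test would trust lookalikes."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value):
    host = host_of(value)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    for label in re.split(r"[.-]", host):
        if BRAND in label or edit_distance(label, BRAND) <= MAX_TYPO_DISTANCE:
            return "lookalike"
    return "unrelated"

def triage(feed):
    """Return the feed entries that need analyst review."""
    return [entry for entry in feed if classify(entry) == "lookalike"]

# Constructed feed: the two domains from the article plus invented .example hosts.
SAMPLE_FEED = ["https://www.digiyatrafoundation.com/", "digiyatra[.]in",
               "https://digiyatrafoundation.com.booking.example/",
               "digiyatrra-tickets.example", "example.org"]
```

A flagged entry is a lead for review, not a verdict: the allowlist has to contain every domain the organisation really uses, or its own properties will be reported as lookalikes.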
This incident also raises another important concern: duration of domain activity. The malicious domain had been live since 2022 and was set to operate till 2025, which is a long window for data harvesting. This raises the question: why wasn’t it caught earlier? More robust, coordinated public-private monitoring efforts must be prioritized.
Finally, public awareness is crucial. The average user must be educated on basic digital hygiene — recognizing legitimate URLs, verifying HTTPS with more than just a padlock symbol, and using official government directories to access digital services.
In essence, this case isn’t just a one-off scam. It’s a red flag waving at India’s broader digital ecosystem, urging stronger policies, smarter tech defenses, and more informed citizens.
Fact Checker Results ✅
✔️ Confirmed: The phishing site was not affiliated with the official DigiYatra Foundation
🔒 Misleading Security: Used valid SSL to appear trustworthy
🛑 Exposed: No actual ticket bookings took place — only data harvesting was active 😠
Prediction 🔮
With more government services going digital, phishing attacks impersonating official platforms will become more common. Threat actors will increasingly leverage AI to build ultra-convincing clones of public service sites. Expect cybersecurity firms to ramp up domain intelligence, and government initiatives to adopt blockchain and AI verification to protect public trust. The real battleground will be public awareness — the weakest but most targetable link in the digital chain.
References:
Reported By: cyberpress.org