In a troubling new trend, cybercriminals have adopted an advanced tactic that allows them to cheat unsuspecting victims and vanish without a trace—using what are known as disposable domains. These domains are essentially short-lived websites designed to mimic legitimate platforms, trick users, and disappear quickly before any action can be taken against them.
India’s nodal cyber safety platform, under the Ministry of Home Affairs’ Indian Cyber Crime Coordination Centre (I4C), has issued a public warning about this growing threat. The tactic involves creating a temporary digital address—often used to host fake shopping websites or phishing pages—and then shutting it down within hours or days after the fraud is executed.
What Are Disposable Domains and How Do They Work?
In the digital world, a domain is like a home address—it identifies where a website or email server resides. Examples include google.com or meta.com. These domains are usually registered for a minimum of one year, with associated costs paid to domain registrars.
However, cybercriminals have found a loophole. They exploit two main mechanisms:
- Short-Term Activation: Domains are registered and quickly set up for malicious use—primarily phishing, malware delivery, and financial fraud.
- Grace Period Exploitation: Even after a domain’s official expiration, there’s a 40-day grace period during which it can still be revived or reused. Fraudsters use this to rerun scams or host fresh fraudulent content briefly before vanishing again.
These disposable domains help criminals escape detection. Victims are left without any viable links, and enforcement agencies often struggle to trace the perpetrators once the domain vanishes into the void.
Red Flags and How to Stay Safe
Cybersecurity experts advise all internet users to be alert when visiting unfamiliar websites, especially those that promise steep discounts or ask for sensitive information. Some warning signs include:
- Strange Domain Endings: Watch for suspicious top-level domains like
.clik,.buzz,.like, or.top—often not used by trusted businesses. - Misspellings: Domains resembling well-known brands but with altered spellings (e.g.,
gogla.cominstead ofgoogle.com). - Unbelievably Cheap Deals: Offers that seem “too good to be true” usually are. Unrealistically low prices for popular products are a classic bait in such scams.
Authorities suggest verifying the legitimacy of the domain, avoiding clicking on unknown links, and shopping only on reputed websites.
I4C urges all citizens to report suspicious websites to cybercrime.gov.in or by calling the 1930 cybercrime helpline. As cyber threats evolve, awareness and caution remain the first line of defense.