When a teenager in one of my sessions pulled out his phone and showed me a website, I almost missed it. The domain looked right. The logo looked right. The “Apply Now” button looked right. It was only when I looked closer that I caught it: one letter off from the actual government recruitment portal. He had already filled in his name, phone number, and date of birth before something felt wrong, and he stopped.

He was lucky. Most people I work with are not.

I run digital safety sessions for young people from underserved backgrounds through a local NGO in India. The people who walk into these sessions are not careless or naive. They are first-generation internet users navigating a digital landscape no one prepared them for, seeking opportunities in a job market that has moved almost entirely online. And right now, that desperation is being systematically exploited through something most of them have never heard of: DNS abuse.

The Setup Is Simple. The Damage Is Not.

DNS, the Domain Name System, is essentially the Internet’s address book. When you type a website name into your browser, DNS translates it into the actual location of that site. What most users do not know is that domain names can be registered by anyone, and that registering something that looks almost identical to a legitimate site is cheap, fast, and largely unregulated.

Fake domains targeting Indian job seekers follow a predictable pattern. A site mimics a real government recruitment portal, a well-known private company’s careers page, or a popular freelancing platform. The visual design is copied. The language sounds official. The only difference is the domain name itself, which is often a single-character swap, a missing letter, or a different suffix. “Rnicrosoft” instead of “microsoft.” “Sarkari-result-gov” instead of the actual portal. Small enough to miss when you are moving fast and hoping this application might be the one that changes things.

The people being targeted are not random. They are young Indians between 18 and 25, many from Tier 2 and Tier 3 cities and rural areas, searching for government job notifications, online earning opportunities, or entry-level private sector roles. India has one of the largest youth populations in the world and one of the most competitive job markets. That combination creates exactly the kind of desperation that makes someone fill in a form without double-checking the URL.

What Happens After the Click

The outcomes I have seen and heard about in my sessions range from data theft to full financial compromise. In the lighter cases, personal information, name, phone number and Aadhaar number, is harvested and sold or used for targeted fraud later. In the more serious cases, the fake site is a front for malware delivery or credential theft that gives attackers access to banking apps and payment systems.

One person I worked with described clicking a link shared in a WhatsApp group promising a government scheme registration. The link took them to a site that looked legitimate. They entered their details. Within days, their phone was behaving strangely, and money had moved from their account without their knowledge. By the time they understood what had happened, the domain was already gone, replaced or abandoned by whoever set it up.

This is not a rare edge case. It is a pattern, and it is accelerating.

Why This Is a Governance Problem, Not Just a Technical One

DNS abuse is often framed as a cybersecurity issue to be solved by better tools or more aware users. That framing puts the burden in the wrong place.

The young people being targeted do not have the technical vocabulary to evaluate a domain name. They have not been taught what a URL structure means, what to look for, or why the difference between .gov.in and .gov-in matters. Expecting them to catch what trained professionals sometimes miss is not a policy. It is an excuse.

The infrastructure enabling this abuse sits within reach of governance intervention. Domain registrars have the ability to flag suspicious registrations that closely mimic high-traffic legitimate domains. Registry operators can implement policies that make typosquatting and lookalike domain registration harder and more expensive. ICANN’s mandate around DNS stability and security directly encompasses the kind of abuse being described here. The tools exist. The question is whether the will to use them is there.

India’s Digital Public Infrastructure push has moved essential services online at speed. Job applications, scheme registrations and identity verification all of it now flows through digital channels. That shift has created enormous value for people who can navigate it. It has also created an enormous attack surface for people who cannot. Every fake government portal is a direct consequence of building digital infrastructure without building the protection layer around it.

What Needs to Change

Three things would make a meaningful difference.

Registrars need stronger policies against lookalike domain registration targeting government and high-traffic platforms. The technical capacity to flag these registrations exists. Implementing it requires regulatory pressure and clearer accountability standards.

Digital literacy programs in India need to include URL verification as a basic skill, not an advanced one. Understanding what a domain name means and how to check whether a site is legitimate should be as standard as understanding not to share your OTP.

And the communities most affected need to be part of the conversation about how these problems get solved. The young people in my sessions are not statistics in a threat report. They are the reason this problem matters, and they are currently invisible in the rooms where DNS policy gets discussed.

DNS abuse is not a niche technical problem. It is a trap laid specifically for people trying to build a better life online. India has enough of those people. It is time the infrastructure built for them started protecting them too.