Fake Indian E-Visa Website Phishing — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: CRITICAL | View Full Scam Details

Beware in 2026: Fake Indian E-Visa Website Phishing Scam Targeting International Travellers to India

Travelers seeking to apply for an Indian E-Visa in 2026 must beware of a critical phishing scam involving fake websites that impersonate the official Indian government portal.

What Is the Fake Indian E-Visa Website Phishing?

This phishing scam involves fraudsters creating counterfeit websites that closely mimic the official Indian E-Visa portal — indianvisaonline.gov.in — to deceive travelers planning to visit India. These fake sites target both Indian nationals living abroad and international tourists who need to apply for an electronic visa to enter India. The scam is widespread and growing because of increasing global travel and people’s familiarity with online visa applications, making it an attractive target for cybercriminals.

In India, government authorities like CERT-In (Indian Computer Emergency Response Team) and the I4C (Indian Cyber Crime Coordination Centre) have issued warnings about fraudulent websites pretending to be government portals, including E-Visa sites. The Reserve Bank of India (RBI) also warns about online payment frauds linked to such scams. Despite these alerts, many travelers remain unaware and fall victim, often through Google searches, social media shares, or WhatsApp forwards that promote these fake visa services.

These fake E-Visa websites use near-identical logos, Indian tricolor color themes, and bogus trust badges claiming links with Indian consulates or the Ministry of External Affairs. Their goal: trick users into sharing personal data and making payments through non-secure gateways.

How This Scam Works — Step by Step

1. Fake Website Discovery: A traveler googles “Indian E-Visa application” or clicks a link received via WhatsApp or social media. The search results show fake sites like evisaindia.com or visa-indiaonline.net, which look very official.

2. Landing on the Fake Portal: The user enters the fake website, which displays government logos, tricolor design, and claims quick visa approval with minimal documents, enticing the victim to proceed.

3. Submission of Personal Information: The user fills out extensive personal details — passport number, Aadhaar (for Indian-origin applicants), contact information, date of birth, and travel plans.

4. Request for Payment: The fake site asks for a visa processing fee, usually higher than the official fee, through unsecured internet banking or UPI apps. It may insist on instant payment to avoid “application rejection.”

5. Payment and Data Theft: After payment, scammers steal bank or UPI details entered during the fake transaction or trick users into sharing OTPs to confirm fraudulent payments.

6. Loss Realisation and Aftermath: Victims receive no official E-Visa confirmation. Instead, their personal data can be misused for identity theft, SIM swaps, or unauthorized withdrawals via UPI or net banking.

Real Warning Signs to Watch For

• The website URL is not indianvisaonline.gov.in but a lookalike domain like evisaindia.com or variants with subtle spelling changes.
• No HTTPS or security certificate warnings on the browser address bar.
• Multiple payment options but no official payment gateway or RBI-approved PSP (Payment Service Provider).
• Promotion via WhatsApp forwards or unofficial social media pages promising “fast visa approval.”
• Requests for Aadhaar details or OTPs without verification or government warnings.
• Overly positive fake trust badges, such as “Official Partner of Indian Consulates,” with no government disclaimer.
• Pressure tactics: urgent messages threatening visa rejection if payment is not made instantly.

What Happens to Victims

Victims often lose significant amounts of money, ranging from INR 2,000 to over INR 15,000 depending on the fake visa fee and the extent of fraud. As payments are made via UPI or net banking, scammers can trick users into sharing OTPs or PINs, leading to direct withdrawals or fund transfers with little chance of reversal.

Moreover, stolen personal data—including passport numbers and Aadhaar details—can fuel identity theft. Fraudsters may use this information to apply for SIM cards via eKYC, conduct SIM swap frauds, or commit further financial crimes. Victims face bureaucratic hurdles to report and recover from these scams, coupled with emotional stress and travel disruptions.

What RBI and CERT-In Say

The Reserve Bank of India cautions users against making payments on unofficial or suspicious websites. RBI’s banking fraud helpline can be reached at 1800-425-8285 for immediate assistance. CERT-In advises users to verify URLs carefully and avoid clicking links shared on unknown WhatsApp groups or social media accounts.

The Indian Cyber Crime Coordination Centre (I4C) runs the national cybercrime reporting portal at cybercrime.gov.in, where victims can lodge complaints. Additionally, the government’s 24/7 cybercrime helpline can be contacted at 1930 for guidance on phishing and fraud cases.

Together, these agencies encourage travellers to use only the official Indian visa website and report suspicious sites promptly to prevent further victimization.

How to Protect Yourself

1. Always access Indian E-Visa services via the official URL: indianvisaonline.gov.in — do not rely on Google ads or third-party websites.
2. Verify website URLs carefully; watch for misspellings, additional words, or unusual domain extensions (.com, .net instead of .gov.in).
3. Avoid clicking links from WhatsApp forwards or unverified social media posts offering “easy” or “fast” visa processing.
4. Never share Aadhaar, OTPs, PINs, or UPI details on websites whose authenticity you cannot confirm.
5. Check that the payment gateway uses RBI-approved PSPs and displays a secure HTTPS connection.
6. Use official government apps or portals if available.
7. Enable two-factor authentication on your bank and UPI apps and immediately notify your bank if you suspect fraud.

What to Do If You've Been Targeted

1. Immediately block or freeze your bank accounts or UPI wallets through your bank’s customer care.
2. Report the fraud to your bank and request urgent transaction reversal, citing unauthorized payment or OTP misuse.
3. File a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in with full details of the fake website and payment transaction.
4. Call the cybercrime helpline at 1930 for expert advice and follow their guidance.
5. Inform the RBI helpline at 1800-425-8285 for banking fraud support.
6. Change all related passwords and alert your mobile operator to prevent SIM swap if your Aadhaar or mobile details may have been compromised.
7. Keep a record of all communications and transaction receipts for evidence.

Frequently Asked Questions

Q1: How can I be sure I’m on the official Indian E-Visa website?
The official site is indianvisaonline.gov.in. Always check the URL carefully and look for a secure HTTPS connection with a valid certificate. Avoid any other website or links from unknown sources.

Q2: If I paid via UPI on a fake visa site, can I get my money back?
UPI payments are almost instant and typically irreversible. You must immediately contact your bank to report unauthorized transactions and attempt reversals. Also, file a cybercrime complaint and inform RBI’s helpline.

Q3: Does the official E-Visa application require Aadhaar details?
No. Aadhaar is not mandatory for foreign nationals applying for an Indian E-Visa. Any website asking for Aadhaar during visa application is suspicious and likely fraudulent.

Stay safe and always verify official communications by visiting BharatSecure.app for the latest alerts and scam updates before taking any action.