A major cybersecurity lapse at the Delhi Jal Board (DJB) has led to a ₹10 crore fraud, exposing thousands of users to phishing attacks. The vulnerability allowed cybercriminals to redirect consumers to fake payment portals, tricking them into making water bill payments to fraudulent accounts.
How the Breach Was Exploited
The attack exploited a technical flaw on the DJB’s official website, where scammers embedded malicious links that mimicked legitimate payment pages. Unsuspecting users, when redirected, shared sensitive banking details or made payments via third-party platforms—funds that were immediately siphoned off.
Cybersecurity analysts indicate that the site lacked basic safeguards like SSL certification and robust endpoint protections. This made it susceptible to injection-based exploits and phishing overlays. Reports suggest the scam was active for months before being detected and may involve a network of domestic and international actors.
Widespread Impact and Ongoing Investigation
According to initial findings from the Delhi Police Cyber Cell, over one lakh users may have interacted with fake portals. Investigators have confirmed multiple instances of users accessing cloned websites after visiting the official Delhi Jal Board portal.
Forensic audits are underway, and legal action has been initiated. The Delhi Jal Board has issued public advisories urging users to confirm URLs before making payments, while authorities work to trace the breach trail and identify those behind the scam.
Growing Risk to Public Infrastructure
This incident adds to the growing list of cyberattacks targeting public utilities in India, exposing critical weaknesses in digital infrastructure. Cybersecurity professionals are calling for urgent upgrades, including real-time monitoring, SSL encryption, and endpoint protection across public-sector platforms.
With citizen trust and sensitive financial data at stake, experts stress that digital safety must be embedded into the core of e-governance services—not just bolted on after a breach.
