
In a public notice dated 17 July, the High Commission of India (HCI) in Singapore cautioned travellers and visa agents against a spike in fraudulent websites mimicking the Government of India’s official online visa platform. The mission reiterated that the only authorised URL for e-Visa applications is “indianvisaonline.gov.in” and stressed that neither the HCI nor the Bureau of Immigration employs third-party intermediaries to expedite processing. According to the notice, several Singapore-registered domains have been luring applicants with ‘priority slots’ for fees of up to SGD 400—more than six times the standard charge. Victims have reported credit-card over-billing, data theft and, in at least three cases, complete loss of passport details, prompting concerns about identity misuse. The mission is collaborating with Singapore’s Cyber Security Agency to shut down the fraudulent sites and has circulated IP addresses to local internet-service providers for blacklisting. India processed nearly 137,000 e-Visas for Singapore residents in 2025-26, many of them for MICE and medical travel. Corporate travel managers are therefore being urged to audit internal booking portals and ensure that employees are routed only to the official government site. Employers found using unauthorised agents could have applications rejected and lose the visa fee, adding avoidable cost and time. The advisory also reminds applicants that the e-Visa portal never seeks social-media passwords, bank log-ins or real-time webcam verification—red flags that indicate a phishing attempt. Travellers are encouraged to pay only via the site’s secure Razorpay gateway and to confirm that the address bar displays the Government of India’s digital certificate. As India continues to digitise immigration services—most recently with the introduction of the e-OCI card—cyber criminals are likely to exploit public unfamiliarity with new systems. Mobility teams should include cyber-hygiene briefings in their pre-departure checklists and consider deploying browser plug-ins that flag look-alike domains.