A Small Domain Registration, a Big Security Risk


This article is also available in Albanian

tl;dr

Despite having a strong resemblance to official Kosovo government domains, the domain rks-gov.org was open for registration. As a result, there was a genuine risk of social engineering, fraud, and impersonation. I registered the domain, made it clear that it is not an official government website, and set it up to automatically reroute users to the official government website in order to prevent abuse. No information is gathered.


I am willing to give the domain to the appropriate organisation at no cost, and I have notified the appropriate authorities.


The issue

One of the most important online assets to protect is government websites. They host and stand for institutional authority, citizen trust, and vital public services.

However, security is more than just guarding against server-side vulnerabilities, DDoS attacks, and SQL injections. Social engineering is a significant and frequently disregarded threat. This is one of the most efficient ways that bad actors trick people into giving up money or personal information.

On February 2, 2009, the Kosovo government registered the official domain rks-gov.net. Even though technical security has greatly improved since then, domain lookalikes are an important factor that has been overlooked.

The distinction between rks-gov.net and rks-gov.org is hardly noticeable to the typical citizen. There is a significant risk of misunderstanding and misuse due to this similarity.

For instance, even if it were completely fraudulent, many people would believe an email sent from an address like [email protected] demanding payment of a fine or threatening legal repercussions.

This risk is actively reduced by other governments. To stop impersonation and phishing, the UK, for instance, registers a lot of typo-squatted and lookalike domains associated with gov.uk.


What was done

In order to stop possible abuse:

A defensive registration was made for the domain rks-gov.org.

A clear warning was published stating that the website is not an official government website.

Visitors are automatically redirected to the official government domain.

No personal information is gathered, saved, or handled.

I've notified the appropriate authorities, and I'm prepared to move the domain to the right organisation for long-term security.


What you can do

To defend your family and yourself against phishing and impersonation attempts:

Verify the sender's domain on any message purporting to be from a government agency.

Verify that the message contains all of your accurate personal information. Messages that are generic raise suspicions.

Ask why the request was made. No government agency will require immediate payments in cryptocurrency, gift cards, or other unusual ways.

At first glance, a message may appear authentic, particularly if it has a convincing domain name. Lookalike domain security is crucial because of this.
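The sender-domain check from the list above can be automated in a mail filter or triage script. The following Python sketch is an added example, not code from the author: it classifies a From header against the official domain rks-gov.net and flags the same name under another TLD, near-miss spellings, and the official name embedded in a longer domain. The function names, the typo threshold, and the sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

OFFICIAL = "rks-gov.net"  # the official domain named in the article

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(from_header: str, official: str = OFFICIAL, max_typos: int = 2) -> str:
    """Classify a sender as 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == official or domain.endswith("." + official):
        return "official"
    # Assumption: single-label TLDs, so the last two labels are the registered name.
    registered = ".".join(domain.split(".")[-2:])
    if registered.rsplit(".", 1)[0] == official.rsplit(".", 1)[0]:
        return "lookalike"   # same name under a different TLD (the .org / .net case)
    if edit_distance(registered, official) <= max_typos:
        return "lookalike"   # near-miss spelling of the official domain
    if official in domain:
        return "lookalike"   # official name used as a prefix of another domain
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample headers; the local parts and display names are invented.
    for header in ("Ministry <info@rks-gov.net>", "Fines <notice@rks-gov.org>",
                   "notice@rks-gov.net.example.com", "friend@example.com"):
        print(f"{classify(header):<10} {header}")
```

The From header can be forged, so this check complements SPF, DKIM and DMARC results rather than replacing them.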


Conclusion

Digital trust is brittle. It is much simpler and less expensive to prevent abuse by taking proactive steps rather than reacting after citizens have already suffered harm.

As part of a larger cybersecurity and public safety strategy, this case emphasises how crucial it is to secure government-related domains.


Made with ❤️ by Korab Arifi.