.png){kind=logo}
Cybercriminals are deploying fake e-Challan portals to grab sensitive financial information from Indian vehicle owners. Cyble Research and Intelligence Labs depict the operation as a significant change in precautionary tactics against cybercrime.
Fraudsters are increasingly relying on highly convincing, browser-based phishing techniques in place of malware-based attacks. Researchers have currently traced the campaign to more than 36 fraudulent websites, many of which remain active.
The scam starts with victims usually getting text messages claiming pending traffic fines, often with threats of licence suspension or serious legal action. This creates a sense of urgency while a link hidden in the content redirects visitors to a deceptive site that looks similar to the legitimate Regional Transport Office (RTO) website.
Users are then shown fake details of traffic violations with fine amounts of Rs. 590 and short payment deadlines. According to investigators, these violations are generated dynamically and are not linked to any legitimate government database.
The fake portals limit the payment choices to credit and debit cards, leaving out any UPI or net banking methods to avoid traceability. Victims are then asked to input complete card details, including the CVV number and date of expiry.
These fraudulent sites incorrectly report transactions being processed through a bank in India to build credibility. The payment portal, despite failure, keeps requesting victims to try again, providing attackers with multiple sets of card data.
According to CRIL, many scam SMSes are sent from Indian mobile numbers registered with domestic telecom providers. Some of the linked accounts are also associated with an Indian bank to increase the scam’s success rate.
Also Read: Cybersecurity Warning: Christmas WhatsApp Scam Spreads Across India
Backend analysis revealed shared infrastructure across multiple fraud campaigns. The systems used to build fake e-Challan portals were also implemented in creating phishing pages that can impersonate courier services, global banks, and government transport platforms. Reuse of templates and payment logics point to a professional, organized cybercrime operation.
Cybersecurity experts advise the public to avoid opening links attached to unsolicited messages about traffic fines. They should instead refer to the official government portals to verify challans, remaining vigilant of card-only payment pages. Users are also advised to report any suspicious messages to cybercrime authorities as soon as possible.
