A widespread cyber fraud campaign is exploiting Indian drivers by using fake e-Challan websites to steal financial information.
According to Cyble Research and Intelligence Labs, the operation uses highly convincing browser-based phishing tactics instead of traditional malware. Investigators have identified more than 36 fraudulent websites actively targeting users across India.
The scam typically starts with an SMS claiming unpaid traffic fines. Messages often warn of licence suspension or legal action to pressure recipients. A shortened link directs users to a fake portal resembling official RTO or e-Challan websites.
On these sites, victims see fabricated violations with small penalties, often around ₹590, and urgent payment deadlines. The details are generated dynamically and are not linked to any government database.
Fraudsters restrict payment to credit or debit cards, avoiding UPI or net banking to reduce traceability. Users are asked to provide full card information, including CVV and expiry date. The portals falsely claim that transactions are processed through Indian banks, and repeated submissions are allowed to capture multiple sets of card details.
The scammers also boost credibility by using local infrastructure. SMS messages come from Indian mobile numbers, and some accounts are linked to a major Indian bank. CRIL noted that this campaign is far more sophisticated than previous efforts, relying on trust in familiar institutions rather than technical exploits.
Investigators discovered that the same backend infrastructure supports multiple phishing campaigns. Besides fake e-Challan sites, the network impersonates major courier services, banking brands, and government transport platforms, suggesting a coordinated and professional operation.
The scammers use advanced evasion techniques, including frequently changing domains, auto-translating content, and overriding browser security warnings through urgent messaging. Many of these domains remain active, indicating the campaign is ongoing.
Cybersecurity experts advise users to stay alert:
-
Never click on links in unsolicited traffic fine messages
-
Verify challans only via official websites such as parivahan.gov.in
- Be cautious of payment pages requesting only card details
Report suspicious messages to cybercrime authorities immediately
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
