Over 36 fake e-Challan websites target Indian drivers in large-scale phishing scam: Report

A large-scale cyber fraud campaign is targeting Indian vehicle owners through fake e-Challan websites. Using phishing links, attackers steal card details by impersonating official RTO portals, exploiting trust in government services and local institutions.

A large-scale cyber fraud campaign is reportedly exploiting trust in India’s traffic enforcement systems, with cybercriminals using fake e-Challan portals to steal sensitive financial information from unsuspecting vehicle owners.

According to new findings from Cyble Research and Intelligence Labs (CRIL), the operation marks a shift away from earlier malware-based attacks and instead relies on highly convincing browser-based phishing techniques. The campaign has already been linked to more than 36 fraudulent websites and is actively targeting users across India.

How the scam works

Victims receive SMS messages claiming they have unpaid traffic fines. The messages often include warnings about licence suspension or legal action, prompting recipients to act quickly. A shortened link in the message directs users to a fake website designed to closely resemble official Regional Transport Office (RTO) or e-Challan portals.

Once on the site, users are shown fabricated violation details, typically involving small penalty amounts such as 590, accompanied by urgent deadlines. These details are generated dynamically, with no connection to any real government database.

Card data theft disguised as payment processing

The fraudulent portals deliberately restrict payment options to credit and debit cards, avoiding UPI or net banking methods that could offer traceability. Victims are asked to enter full card details, including CVV numbers and expiry dates.

The sites falsely claim transactions are processed through Indian banks, increasing credibility. Even if a payment fails, the system continues accepting repeated submissions, allowing attackers to harvest multiple sets of card data from a single user.

Use of local infrastructure to build trust

Investigators found that the SMS messages originate from Indian mobile numbers registered with domestic telecom providers, while some linked accounts are associated with State Bank of India. This localisation strategy significantly boosts the scam’s legitimacy and success rate.

CRIL noted that the campaign appears far more sophisticated than earlier efforts, relying on trust in familiar institutions rather than technical exploits.

Wider criminal network identified

Analysis of the backend infrastructure revealed that the same systems are being used across multiple fraud campaigns. Beyond fake e-Challan portals, the network also hosts phishing pages impersonating:

  • Major courier services such as DTDC and Delhivery
  • Banking brands including HSBC
  • Government transport platforms such as Parivahan

The reuse of infrastructure, templates and payment logic suggests a coordinated and professional cybercrime operation rather than isolated scams.

Evasion tactics and persistence

Researchers found evidence of advanced evasion techniques, including:

  • Frequently changing domain names to avoid takedowns
  • Content originally written in Spanish and later translated automatically
  • Browser security warnings being overridden through urgency-based messaging

Many of the malicious domains remain active, indicating the campaign is ongoing.

Advice for the public

Cybersecurity experts urge users to remain vigilant:

  • Never click on links in unsolicited messages claiming unpaid traffic fines
  • Always verify challans directly via official government websites such as parivahan.gov.in
  • Be cautious of payment pages that only accept card details
  • Report suspicious messages to cybercrime authorities immediately
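For teams that filter or triage reported SMS messages, the indicators described in this article (urgency wording, shortened links, hosts that imitate the official portal) can be checked mechanically. The sketch below is an added example, not code from CRIL or the report; only parivahan.gov.in comes from the article, while the keyword lists, shortener list and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Official domain taken from the article's advice; the other lists are assumptions.
OFFICIAL = ("parivahan.gov.in",)
BRAND_TOKENS = ("challan", "parivahan")                  # assumed lure keywords
URGENCY = ("suspension", "legal action", "unpaid", "pending")  # assumed wording
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}           # assumed, non-exhaustive
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def is_official(host):
    """True only for the official domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def triage_sms(text):
    """Return a list of (url, verdict, reasons) for every link in an SMS."""
    lowered = text.lower()
    urgent = any(term in lowered for term in URGENCY)
    results = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?)")
        # hostname is the part after any "user@" prefix, already lower-cased
        host = urlsplit(url).hostname or ""
        if is_official(host):
            results.append((url, "official", []))
            continue
        reasons = []
        if host in SHORTENERS:
            reasons.append("shortened-link")
        # Brand keyword in the host, or the official name used anywhere in the URL
        if any(t in host for t in BRAND_TOKENS) or any(d in url.lower() for d in OFFICIAL):
            reasons.append("lookalike-host")
        if urgent:
            reasons.append("urgency-wording")
        results.append((url, "suspicious" if reasons else "unverified", reasons))
    return results


# Constructed sample messages (not taken from the report).
SAMPLES = [
    "Your e-Challan is unpaid. Pay today to avoid licence suspension: https://bit.ly/EXAMPLE",
    "Traffic fine pending, legal action follows: https://parivahan.gov.in.pay-fine.example/c?id=1",
    "Check your challan status at https://parivahan.gov.in/",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms))
```

A host passes only when it is the official domain or a true subdomain of it, so a name that merely begins with or contains the official domain is still flagged.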

Key takeaways

  • Cybercriminals are increasingly using sophisticated phishing techniques to exploit trust in government systems.
  • Victims often receive urgent SMS messages prompting immediate action, making them more susceptible to scams.
  • Fraudulent websites carefully mimic official portals, restricting payment options to avoid traceability.