Fake e-Challan Scam: 36+ Fraud Sites Steal Card Data Across India
Fake e-Challan Scam Targets Indian Vehicle Owners

A large and sophisticated cyber fraud operation is preying on the trust of Indian vehicle owners by deploying fake digital traffic fine portals. According to a new report from Cyble Research and Intelligence Labs (CRIL), criminals have shifted from malware to highly convincing browser-based phishing, creating over 36 fraudulent websites to steal sensitive financial information.

How the Fake e-Challan Scam Operates

The attack begins with an urgent SMS message sent to potential victims. The text claims the recipient has an unpaid traffic violation and often warns of imminent license suspension or legal action to create panic. A shortened link within the message directs users to a meticulously crafted fake website.

These fraudulent portals are designed to look nearly identical to official Regional Transport Office (RTO) or government e-Challan platforms. Once on the site, users see dynamically generated violation details, usually involving a small penalty amount like ₹590, paired with a tight deadline to pay. These details are completely fabricated and have no link to any real government database.

The Sophisticated Tactics of Data Theft

The scam's payment page is where the real theft occurs. To avoid traceable methods, the fake portals deliberately restrict payment options to credit and debit cards, excluding UPI and net banking. Victims are prompted to enter full card details, including the CVV number and expiry date.

To appear legitimate, the sites falsely claim transactions are processed through well-known Indian banks. Even if a payment attempt fails, the system continues to accept repeated submissions, allowing attackers to harvest multiple sets of card data from a single anxious user.

Local Infrastructure Builds False Trust

Investigators found that the scam's credibility is boosted by its use of local resources. The deceptive SMS messages originate from Indian mobile numbers registered with domestic telecom providers. Furthermore, some linked accounts are associated with major institutions like the State Bank of India.

CRIL analysts note that this localization strategy, which relies on trust in familiar institutions rather than on technical software exploits, makes the campaign far more sophisticated and successful than earlier attempts.

A Wider Network of Cybercrime

Analysis of the scam's backend infrastructure revealed it is part of a larger, coordinated cybercrime operation. The same systems are being reused to host phishing pages that impersonate a variety of trusted entities beyond RTO portals.

This criminal network also targets victims through fake pages for:

  • Major courier services like DTDC and Delhivery.
  • International banking brands such as HSBC.
  • Official government transport platforms like Parivahan.

The reuse of infrastructure, website templates, and payment logic points to a professional and organized fraud ring rather than isolated scams.

Evasion Techniques and Public Advice

The operators use advanced tactics to avoid detection and takedown, including frequently changing domain names and overriding browser security warnings with urgent messages. Many of these malicious domains remain active, indicating the campaign is ongoing.

Cybersecurity experts urge the public to adopt the following precautions:

  1. Never click on links in unsolicited messages claiming unpaid traffic fines.
  2. Always verify challan status directly through official government websites like parivahan.gov.in.
  3. Be extremely cautious of payment pages that only accept card details and lack UPI options.
  4. Immediately report suspicious messages to cybercrime authorities.
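
The first two precautions can be turned into an automated check. The Python example below is added here for illustration and is not taken from the CRIL report: it flags an SMS that combines a traffic-fine claim with a link whose host is not an official domain. Only parivahan.gov.in comes from the article; the shortener list, keyword patterns and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Official host named in the article; true subdomains of it are accepted too.
OFFICIAL_SUFFIXES = ("parivahan.gov.in",)
# Assumption: a small illustrative set of public link shorteners.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
# Assumption: keyword patterns modelled on the lure the article describes.
FINE_TERMS = re.compile(r"\b(e-?challan|challan|traffic (fine|violation)|rto)\b", re.I)
URGENCY_TERMS = re.compile(r"\b(suspen\w+|legal action|immediately|within \d+ (hours?|days?))\b", re.I)
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.I)
# Constructed sample messages (not real campaign data).
SAMPLES = [
    "Your e-Challan of Rs 590 is unpaid. Licence will be suspended. Pay now: https://bit.ly/x1y2z3",
    "Traffic violation pending. Pay within 24 hours: http://parivahan.gov.in.echallan-pay.example/rto",
    "Check your challan status at https://echallan.parivahan.gov.in/",
    "Your parcel is out for delivery today.",
]

def host_of(url):
    """Return the lower-cased hostname, tolerating links without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host):
    """Exact match or true subdomain only, so 'parivahan.gov.in.x.example' fails."""
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def triage_sms(text):
    """Check one SMS against the lure pattern; returns (verdict, reasons)."""
    reasons = []
    hosts = [host_of(u) for u in URL_RE.findall(text)]
    unofficial = [h for h in hosts if h and not is_official(h)]
    if FINE_TERMS.search(text):
        reasons.append("traffic-fine claim")
    if URGENCY_TERMS.search(text):
        reasons.append("urgency or threat wording")
    if any(h in SHORTENERS for h in unofficial):
        reasons.append("shortened link hides destination")
    elif unofficial:
        reasons.append("link host is not an official domain: " + unofficial[0])
    # A fine claim plus any non-official link is the core pattern in the article.
    if "traffic-fine claim" in reasons and unofficial:
        return "suspicious", reasons
    return "no-match", reasons
```

The suffix check matters because a lookalike host can embed the official name as a prefix; matching on `host.endswith("." + suffix)` rejects it while still accepting genuine subdomains.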

This campaign underscores a dangerous trend where cybercriminals are moving away from complex code-based attacks and instead exploiting human psychology and trust in official systems through refined social engineering.