Indian vehicle owners are facing a new and highly organised wave of cyber fraud, with more than 36 fake e-Challan websites uncovered as part of a nationwide phishing campaign that impersonates official traffic enforcement portals. According to a recent report by Cyble Research and Intelligence Labs (CRIL), cybercriminals are increasingly abandoning malware-based attacks in favour of browser-based phishing, relying on social engineering and institutional trust to steal sensitive financial data.
The campaign targets motorists through SMS messages that falsely claim pending traffic violations. These messages often warn of imminent licence suspension, legal action, or penalty escalation, creating a sense of urgency that pressures recipients into clicking embedded links. The links redirect users to fraudulent websites designed to closely resemble official Regional Transport Office (RTO) or e-Challan portals.
Researchers say the scale, sophistication and localisation of the operation mark a significant escalation in phishing activity linked to government services in India.
How the Scam Operates
According to CRIL’s findings, victims typically receive a text message stating that an unpaid traffic challan has been issued against their vehicle. The SMS includes a shortened URL and urges immediate payment to avoid punitive action. Once clicked, the link opens a fake website that visually mirrors legitimate government platforms, complete with logos, colour schemes and official-sounding language.
Users are shown fabricated violation details, usually involving small penalty amounts—commonly around ₹500–₹600—along with tight payment deadlines. Investigators note that these details are dynamically generated and have no connection to real government databases or vehicle records.
“The amounts are deliberately kept low to reduce suspicion and encourage quick payment,” the report said, adding that urgency is a central psychological trigger in the scam.
Card Data Theft Disguised as Payment Processing
One of the most telling red flags identified by researchers is the deliberate restriction of payment options. Unlike genuine government portals, which typically allow UPI, net banking and multiple digital payment methods, the fake e-Challan sites accept only credit and debit cards.
Victims are prompted to enter full card details, including card number, expiry date and CVV. The sites falsely claim that payments are being processed through reputed Indian banks, lending an added layer of credibility. Even when a transaction appears to fail, the portal continues to accept repeated submissions, allowing attackers to harvest multiple sets of card data from the same user.
“This design indicates that the objective is not payment, but data collection,” CRIL noted.
Localisation Used to Build Credibility
The investigation found that the scam relies heavily on local infrastructure to boost authenticity. SMS messages were traced to Indian mobile numbers registered with domestic telecom providers, and some backend-linked accounts were found to be associated with State Bank of India.
Security analysts say this localisation strategy significantly increases user trust, as victims are more likely to believe messages that appear to originate from within India and reference familiar institutions.
Rather than exploiting technical vulnerabilities, the campaign exploits institutional trust, particularly public confidence in traffic enforcement systems and government-backed digital services.
A Wider, Coordinated Criminal Network
Further analysis of the backend infrastructure revealed that the same systems are being reused across multiple phishing campaigns, pointing to a coordinated and professional cybercrime operation rather than isolated incidents.
Beyond fake e-Challan portals, the infrastructure was found hosting phishing pages impersonating:
- Leading courier services such as DTDC and Delhivery
- International and domestic banking brands, including HSBC
- Government transport platforms such as Parivahan
Researchers observed common templates, shared payment logic and identical data-harvesting mechanisms across these sites, reinforcing the conclusion that a single organised network is behind the activity.
Evasion Techniques and Ongoing Threat
CRIL also documented advanced evasion tactics employed by the operators. These include frequent domain changes to avoid takedowns, automatically translated content originally written in Spanish, and messaging designed to override browser security warnings by amplifying urgency and fear.
Despite identification and reporting, many malicious domains remain active, suggesting that the campaign is ongoing and continues to claim new victims.
Cybersecurity experts warn that such phishing operations are becoming increasingly resilient due to low operational costs and high success rates, especially when scams leverage trusted government workflows.
Advice for Motorists and the Public
In light of the findings, cybersecurity professionals are urging citizens to exercise heightened caution. Key advisories include:
- Do not click on links in unsolicited messages claiming unpaid traffic fines
- Always verify challans directly through official government portals such as parivahan.gov.in
- Be wary of payment pages that only accept card details and exclude UPI or net banking
- Report suspicious messages and websites immediately to cybercrime authorities
Experts stress that legitimate government agencies do not demand sensitive card information via SMS links and rarely impose instant penalties without multiple official notifications.
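The advisories above can be turned into a simple message triage check. The following is an added example, not code from CRIL or from the original report: it flags challan-themed SMS text whose links do not resolve to the official host named above, and notes shortened links and pressure language. The shortener list, keyword patterns and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: parivahan.gov.in (named in the advisory) and its subdomains are official.
OFFICIAL_SUFFIXES = ("parivahan.gov.in",)
# Illustrative shortener hosts (assumed list; extend for your environment).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Pressure phrases drawn from the lure themes the report describes.
URGENCY = re.compile(r"licen[cs]e suspen|legal action|penalt|immediately", re.I)
TOPIC = re.compile(r"challan|traffic (fine|violation)", re.I)
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def host_of(url):
    """Return the lower-cased hostname of a link, with or without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")

def is_official(host):
    """Exact match or true subdomain only; a lookalike prefix does not count."""
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def triage_sms(text):
    """Classify one SMS as not-applicable, ok, review or suspicious."""
    hosts = [host_of(u) for u in URL_RE.findall(text)]
    if not TOPIC.search(text):
        return {"verdict": "not-applicable", "hosts": hosts, "reasons": []}
    reasons = []
    for h in hosts:
        if h in SHORTENERS:
            reasons.append(f"shortened link hides destination: {h}")
        elif not is_official(h):
            reasons.append(f"link host is not an official portal: {h}")
    if URGENCY.search(text):
        reasons.append("urgency or threat language")
    bad_link = any(not is_official(h) for h in hosts)
    verdict = "suspicious" if bad_link else ("review" if reasons else "ok")
    return {"verdict": verdict, "hosts": hosts, "reasons": reasons}

# Constructed sample messages; .test is a reserved TLD and the paths are made up.
SAMPLES = [
    "Pending e-Challan of Rs 590. Pay immediately to avoid licence suspension: https://bit.ly/x9Kq2",
    "Traffic violation notice: pay your challan at https://parivahan.gov.in.example-pay.test/pay",
    "Check your challan status at https://parivahan.gov.in",
    "Pending challan. Legal action will follow. See https://parivahan.gov.in",
    "Your OTP is 123456",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms)["verdict"], "|", sms)
```

A "review" verdict covers messages that link to the official host but still use threat language, which is worth a second look rather than an automatic pass.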
A Growing Pattern of Trust-Based Cybercrime
The fake e-Challan campaign highlights a broader shift in cybercrime strategy. Attackers are increasingly moving away from technically complex exploits and instead focusing on trust-based deception, exploiting citizens’ familiarity with digital governance platforms.
As India expands its digital public infrastructure, security analysts say parallel investment in public awareness, rapid takedown mechanisms and inter-agency coordination will be critical to prevent misuse.
For now, the discovery of more than 36 fraudulent websites serves as a stark reminder that in the digital age, even routine civic interactions—such as paying a traffic fine—can become entry points for cyber fraud if vigilance drops.
