FASTag Scam Ranks No.1 on Google: I4C Warns of Fake Annual Pass Websites
FASTag Scam Ranks No.1 on Google: I4C Warns of Fake Annual Pass Websites
Cyber CrimeTrending

How Fraudsters Hijacked Google Search to Run a FASTag Annual Pass Scam, I4C Warns

Shashank Shekhar
By Shashank Shekhar
6 Min Read

India’s cybercrime watchdog has flagged a fresh phishing campaign targeting highway commuters searching for FASTag services online. 

Contents
What the advisory says: Why this scam is dangerousModus operandi: How the FASTag Annual Pass scam is executedKey safety takeaway: “Top result” doesn’t mean “true”What users should do: Precautions recommended by I4CVerify URLs carefullyTreat ads and search results as “untrusted”Independently validate linksIf you’ve paid on a suspicious FASTag site: report immediatelyWhy this advisory matters

The National Cybercrime Threat Analysis Unit (NCTAU) under the Indian Cyber Crime Coordination Centre (I4C) has issued an advisory after identifying fraudulent websites impersonating the National Highways Authority of India (NHAI) FASTag Annual Pass service.

According to the advisory, these phishing sites are not spreading through random links alone — they are being promoted via Google Ads and boosted with search engine optimisation (SEO) to appear at the very top of search results, including Rank 1 for keywords such as “fastag annual pass” and “fastag recharge”.

ALSO READ: FCRF Is The Knowledge Partner For India’s AI Impact Summit 2026 On Deepfake Crime

What the advisory says: Why this scam is dangerous

The warning is significant because it highlights a growing trend: criminals are “meeting users where they search” — using advertising and SEO to make fake portals look like the most legitimate option.

The advisory notes that the phishing websites mimic the branding, layout, logo and content of official FASTag services to create authenticity.

On the visual advisory, I4C also illustrates how “Google Ads + SEO” creates high visibility and pushes users into financial fraud.

Fraudsters are using paid Google Ads to promote fake FASTag Annual Pass websites, making phishing portals appear as top search results and luring users into transferring money to mule bank accounts.
Fraudsters are using paid Google Ads to promote fake FASTag Annual Pass websites, making phishing portals appear as top search results and luring users into transferring money to mule bank accounts.

Modus operandi: How the FASTag Annual Pass scam is executed

I4C’s NCTAU lays out a clear playbook used by the scammers:

  1. Impersonation of a legitimate government service
    The fraudulent portals are designed to look and feel like official NHAI FASTag pages, using similar branding elements to lower suspicion.
  2. Search engine manipulation + paid ads
    Cybercriminals use advanced SEO so the fake site ranks prominently on Google. In addition, they run paid Google Ads to further amplify credibility and visibility.
  3. Deceptive payment flow using QR codes
    Once a user lands on the phishing site, they are prompted to pay for a supposed FASTag Annual Pass. During payment, a QR code is displayed, and the funds are diverted to mule bank accounts.
  4. Rotation of mule accounts to evade detection
    To make tracing harder, the mule accounts linked to the payment page are changed periodically, delaying financial tracking and law enforcement action.
How a fake FASTag Annual Pass website ranks at the top of Google search results and redirects users to scan a QR code that transfers ₹3,000 to a personal bank account, allegedly operated by mule handlers.
How a fake FASTag Annual Pass website ranks at the top of Google search results and redirects users to scan a QR code that transfers ₹3,000 to a personal bank account, allegedly operated by mule handlers.

Key safety takeaway: “Top result” doesn’t mean “true”

A central message of the advisory is blunt: high ranking on Google or appearing as a sponsored ad does not guarantee legitimacy. Users must remain cautious, especially while making payments.

This is particularly relevant for FASTag-related searches because users are often in a hurry (recharge, renewal, travel planning) — the exact situation scammers exploit.

I4C’s advisory lists practical steps that commuters should follow:

Use only official channels

  • Access FASTag Annual Pass services only through the official NHAI website or the Rajmarg Yatra app (available on Google Play Store and Apple App Store)
  • The advisory notes the app has a dedicated section for buying, viewing, renewing and tracking the Annual Pass

Verify URLs carefully

  • Check the URL before entering any personal or financial details.

Treat ads and search results as “untrusted”

  • Don’t assume legitimacy just because the link is on the first page or marked as “Sponsored.”  
  • Links found via search results, ads, emails, or messages should be validated through official government portals before making payments

If you’ve paid on a suspicious FASTag site: report immediately

The advisory urges victims or potential victims to report quickly:

  • Report to the National Cyber Crime Reporting Portal (cybercrime.gov.in), or
  • Call the cybercrime helpline 1930

Why this advisory matters

This case is a textbook example of how phishing has evolved beyond suspicious SMS links. The scam’s strength lies in its distribution: ads + SEO ensure the fraud reaches users at the moment of intent — when they are actively searching for FASTag services.

For commuters, the safest practice is simple: avoid clicking on FASTag-related ads, and rely on verified official portals and the Rajmarg Yatra app for annual pass services.

📲 Join Our WhatsApp Channel

Stay Connected