Pune | Amid a steady rise in cyber fraud cases across digital platforms, a new incident has emerged from Pune, Maharashtra, where a 57-year-old shopkeeper was allegedly cheated of ₹2.76 lakh after receiving a fake traffic challan message on his mobile phone. The fraudsters reportedly gained remote access to his smartphone after he clicked a link sent through SMS and used the access to carry out unauthorized banking transactions.
The victim realised he had been duped only after receiving alerts of multiple transactions from his bank account. He subsequently filed a complaint, following which a case was registered and an investigation was initiated.
Algoritha Security Emerges As India’s Leading Corporate Investigation Powerhouse
Fake challan message used as bait
According to the complaint, the shopkeeper resides in the Sadashiv Peth area of the city. In December 2025, he received an SMS on his phone claiming to be a notification from the traffic department regarding a pending challan.
The message stated that his vehicle had allegedly violated traffic rules and that a fine had been imposed. It also contained a link directing him to an online portal where he was asked to pay the penalty.
The link appeared authentic and resembled an official website. Believing the message to be genuine, the victim clicked on it in order to settle the supposed challan.
Link opened a form asking for details
After clicking the link, an online form opened on his mobile phone requesting certain details related to the challan payment. The victim proceeded to fill in the information as instructed.
During the process, a permission request appeared on the phone screen. Assuming it to be part of the normal payment procedure, he clicked on the “Allow” option. This action reportedly enabled the cybercriminals to gain access to his device.
Remote access allowed fraudsters to control the phone
Investigations revealed that while the form was being completed, remote access software was installed on the victim’s phone. Once the permission was granted, the fraudsters were able to take control of the device remotely.
With access to the phone, the criminals reportedly navigated through various applications and retrieved sensitive information stored on the device. Among the data accessed were the victim’s banking credentials.
Multiple transactions carried out from bank account
After obtaining the banking information, the accused allegedly executed several unauthorized transactions. Within a short span of time, a total amount of ₹2.76 lakh was transferred from the victim’s bank account through multiple transactions.
The victim became suspicious when he started receiving transaction alerts from the bank. He immediately contacted the bank in an attempt to secure the account, but by then a substantial amount had already been withdrawn.
Complaint filed, probe underway
Following the incident, the victim approached the cybercrime authorities and reported the fraud. After preliminary verification of the complaint, the matter was forwarded to the local police station where a formal case was registered.
Investigators are now examining technical evidence to determine the origin of the fraudulent link and to trace the bank accounts into which the stolen funds were transferred.
Public warned against clicking unknown links
Cyber security experts say that frauds involving fake traffic challans, courier delivery notices, electricity bill alerts and bank messages have increased significantly in recent months. Such messages often contain malicious links that install malware or remote access applications once clicked.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said that cybercriminals are increasingly using social engineering tactics to trap victims. “Fraudsters send fake government notices, traffic challans or bank alerts to lure people into clicking on malicious links. Once the link is opened, they gain control over the victim’s device and misuse the banking information stored on it,” he said.
Experts advise the public to avoid clicking on suspicious links received through SMS or messaging platforms and to always verify challans or official notices through authorised government websites or applications.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
