Visakhapatnam: In a disturbing reminder of how rapidly cyber-fraud tactics are evolving in India, a young professional from Visakhapatnam lost ₹5.6 lakh in just three minutes after clicking on a fraudulent traffic-challan link sent via SMS. The message, disguised as an official communication from the government’s mParivahan platform, led to the automatic installation of a hidden APK that granted hackers full control over his smartphone.
The incident, shared by the victim on X (formerly Twitter), has renewed concerns about the surge in “traffic-challan phishing scams”—a trend now frequently reported across metro and tier-2 cities.
Fake challan SMS during travel triggered the breach
According to the victim, he was driving from Visakhapatnam to Vizianagaram when he received an SMS claiming he had violated a traffic signal. The message contained a link asking him to check a pending challan. Thinking it was genuine, he clicked on it.
Within moments, a malicious, invisible APK downloaded in the background. Cybercriminals gained remote access to the device, ultimately hijacking his Amazon account and two credit cards.
No OTP shared, yet ₹5.6 lakh debited hackers reset Amazon password
As per the victim’s statement, the attackers swiftly:
- Changed his Amazon account password
- Initiated transactions worth ₹3 lakh and ₹2.6 lakh
- Used stored card details and compromised autofill/OTP data
- Executed payments without requiring any OTP input
He emphasized that he never shared an OTP with anyone, showing how advanced the malware was in bypassing typical multi-factor authentication safeguards. Immediately after noticing suspicious alerts, he acted by:
- Blocking his credit cards
- Transferring his bank balance to a relative
- Contacting Amazon customer support
- Filing complaints with the Cyber Crime Helpline (1930)
- Registering an FIR with the Visakhapatnam Cyber Crime Police
Amazon reversed ₹3 lakh after risk-assessment review
The victim further confirmed that Amazon’s risk management team examined the suspicious activity and issued a refund of ₹3 lakh within 24 hours, noting anomalies such as password resets and unusual device behaviour.
The remaining ₹2.6 lakh transaction is under technical review, pending recovery.
He described the episode as “one of the most humiliating moments,” adding that curiosity during driving cost him dearly.
Social media users call it a ‘wake-up call’
The post triggered widespread discussion on X, with many labeling it a stark reminder of how sophisticated cyberattacks have become. One user wrote:
“Even those experienced in Web3 and crypto fall for such attacks. This can happen to anyone.”
Another questioned how scammers knew he was travelling:
“Is the source toll data? License plate tracking? Or app-level permissions?”
A third user reassured him:
“Those fake messages during driving create panic. You managed the crisis impressively within minutes.”
Experts warn: ‘Challan phishing’ is now a major cybercrime pattern
Cybersecurity analysts note a sharp rise in scams leveraging: Fake mParivahan messages, FASTag-related alerts, APK links disguised as government notifications. Once installed, such malware can enable: Screen mirroring, SMS/OTP access, Email takeover, Autofill password retrieval, Remote access to financial apps.
How to safeguard yourself from such attacks
- Never click on unknown or unsolicited links
- Verify challans only through the official mParivahan or state transport portals
- Disable Install from Unknown Sources on your phone
- Use biometric locks and robust two-factor authentication
- In case of fraud, immediately call 1930 Cyber Helpline
- Keep credit card limits and online transaction permissions controlled
