Over 36 Fake e-Challan Websites Target Indian Drivers in Large-Scale Phishing Scam
A widespread cyber fraud campaign is currently targeting Indian vehicle owners through more than 36 fake e-Challan websites. Cybercriminals are exploiting the public's trust in India's traffic enforcement systems to steal sensitive financial information. This sophisticated operation relies on highly convincing browser-based phishing techniques, marking a shift from earlier malware-based attacks.
The scam begins with victims receiving unsolicited SMS messages claiming they have unpaid traffic fines. These messages often include threatening language about license suspension or potential legal action to create a sense of urgency. The SMS contains a shortened link that redirects users to a fraudulent website designed to closely resemble official Regional Transport Office (RTO) or e-Challan portals.
Once on the fake website, users are presented with fabricated violation details, often involving small penalty amounts, such as ₹590, and near-term expiration dates to prompt quick action. Regardless of the information entered by the user, the system generates a valid-looking challan record. This fabricated challan data requires no prior victim-specific information. The website also replicates official branding from the Ministry of Road Transport and Highways and the National Informatics Centre to appear legitimate.
The fraudulent portals deliberately restrict payment options to credit and debit cards, avoiding more traceable methods like UPI or net banking. Victims are then asked to enter their full card details, including CVV numbers and expiration dates. The sites falsely claim that transactions are processed through Indian banks to increase credibility. Even if a payment fails, the system continues accepting repeated submissions, allowing attackers to harvest multiple sets of card data from a single user. This indicates that all entered card data is transmitted to the attacker backend, regardless of transaction success.
The SMS messages originate from Indian mobile numbers registered with domestic telecom providers, and some phone numbers are linked to State Bank of India accounts, further increasing the perceived legitimacy of the scam. Cybersecurity company Cyble identified over 36 phishing domains impersonating e-Challan and Parivahan services; the domains are designed to evade takedowns and blocklists. They often follow similar naming patterns and closely resemble legitimate Parivahan branding, and some use domain generation techniques to automatically create phishing domains.
Cyber police warn that scammers are exploiting public familiarity with digital traffic fines to gain access to smartphones and steal money from bank accounts. They advise that traffic challans should always be verified through official platforms like the Parivahan e-Challan website or by contacting the traffic police or RTO directly. Users should avoid opening links or attachments from unknown numbers. If a suspicious file has already been downloaded, experts recommend immediately turning off mobile data and Wi-Fi, uninstalling the app, and considering a factory reset of the device. Cyber police also urge residents to promptly report such messages to the cyber crime helpline or their nearest cyber police station.
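The naming-pattern and "verify on the official platform" points above can be turned into a simple SMS link triage check. The following is an added example, not code from Cyble or the original article; the official suffix `parivahan.gov.in`, the brand-token list, the shortener list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the official services sit under this suffix; extend as needed.
OFFICIAL_SUFFIXES = ("parivahan.gov.in",)
# Brand words a lookalike host is likely to embed (illustrative list).
BRAND_TOKENS = ("parivahan", "challan")
# Common public link shorteners (illustrative, not exhaustive).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify(url):
    """Return 'official', 'shortener', 'lookalike' or 'unrelated' for a URL."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "unrelated"
    # Match on a label boundary so 'parivahan.gov.in.pay-fine.example' fails.
    if any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES):
        return "official"
    if host in SHORTENERS:
        return "shortener"  # destination is hidden; treat as unverified
    # Drop separators so a host such as 'pari-vahan' still matches.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    if any(tok in squashed for tok in BRAND_TOKENS):
        return "lookalike"  # brand wording on a host outside the official suffix
    return "unrelated"


def triage_sms(text):
    """Extract every URL from an SMS body and pair it with its verdict."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, classify(u)) for u in urls]


# Constructed sample messages; hosts use the reserved '.example' TLD.
SAMPLE_SMS = [
    "Your challan of Rs 590 is pending. Pay now: https://bit.ly/EXAMPLE or licence will be suspended.",
    "Traffic fine due today, pay at https://parivahan.gov.in.pay-fine.example/x.",
    "Check status at https://echallan.parivahan.gov.in/index",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        for url, verdict in triage_sms(sms):
            print(f"{verdict:10} {url}")
```

The second sample shows why the suffix check anchors on a label boundary: a host that merely begins with the official name is still classified as a lookalike.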
This browser-based phishing campaign lowers the technical barrier for attackers and increases the pool of potential victims, as anyone with a smartphone and web browser can be targeted.
