SMS-based traffic fine scam hits vehicle owners across India, says report

A significant cyber fraud scheme is currently taking advantage of the trust placed in India's traffic enforcement systems. Cybercriminals are deploying counterfeit e-Challan websites to extract sensitive financial details from unsuspecting vehicle owners. Recent insights from Cyble Research and Intelligence Labs (CRIL) highlight a transition from traditional malware attacks to highly convincing phishing tactics conducted through web browsers. This extensive scam has been linked to over 36 fraudulent websites that are actively deceiving users throughout India. Victims are receiving SMS notifications claiming they owe unpaid traffic fines, often accompanied by alarming warnings about potential license suspensions or legal repercussions, which pressure recipients to act immediately. Within the messages, a shortened link directs users to a fake website that closely mimics official portals of the Regional Transport Office (RTO) or e-Challan systems. Once there, victims are presented with fabricated violation details, usually featuring minor penalty amounts like ₹590 and imposing urgent deadlines. These details are generated in real-time, with no actual connection to any government database. The fraudulent websites deliberately limit payment methods to credit and debit cards, deliberately excluding UPI or net banking options that could be more easily traced. This design forces victims to input their complete card information, including CVV codes and expiration dates. To further deceive users, these sites falsely assert that transactions are processed through recognized Indian banks, enhancing their credibility. Even in instances of failed payments, the system remains functional, allowing multiple submissions from the same user, which enables attackers to collect several sets of card data. Investigators have discovered that the SMS messages originate from mobile numbers registered with Indian telecom providers, with some accounts tied to the State Bank of India. This localization strategy effectively increases the perceived legitimacy of the scam. CRIL emphasizes that this campaign is notably more advanced than previous efforts, relying on established trust in familiar institutions rather than purely technical exploits. An analysis of the backend infrastructure indicates that the same systems are utilized across various fraud campaigns, suggesting a well-coordinated and professional cybercrime network rather than isolated incidents. Additionally, researchers have identified advanced evasion techniques being employed, with many of the malicious domains still active, indicating that the scam is ongoing. Cybersecurity professionals are urging users to remain vigilant and exercise caution.