Fake 'e-challan' SMS: A single click can empty your bank account

As per officials, victims receive an SMS claiming that a traffic e-challan has been issued against their vehicle. The message typically carries a link urging immediate payment to avoid penalties. Believing the message to be genuine, recipients click on the link and are redirected to a fake webpage designed to closely resemble the official M-Parivahan portal of the Ministry of Road Transport and Highways.

Cyber experts say, "This is where the phishing cycle begins."

The I4C wing alerts that the fraudulent website prompts users to enter personal details such as vehicle number, mobile number, OTP, and even banking or card information under the pretext of paying the challan. "Once submitted, the data is harvested by cybercriminals, who then siphon off money from victims' bank accounts or misuse their credentials for further fraud."

The I4C wing has flagged a rise in such SMS-based phishing campaigns, particularly in urban areas where digital traffic enforcement systems are widely used. Fraudsters exploit public familiarity with genuine e-challan systems to create panic and urgency, often warning of heavy fines or legal action if payment is not made immediately.

Officials, privy to such cases, have clarified that "legitimate e-challans are issued only through authorised government platforms, and citizens are advised to verify any such notice directly on official state traffic police websites or through the official Parivahan portal."

The fresh alert stresses that users should never click on suspicious links received via SMS, share OTPs, or disclose banking details on unverified websites.

The I4C wing has urged citizens to report such incidents immediately on the national cybercrime helpline 1930 or via the cybercrime reporting portal to prevent further financial loss.

With phishing attacks becoming more sophisticated, the I4C wing further warns that a single click on a fake "e-challan" link can trigger a chain of digital fraud, underscoring the need for heightened public awareness and caution.

Taking cognisance of such frauds, the Ministry of Home Affairs (MHA) last month "geo-blocked" the command and control servers linked to the 'Wingo' app network to disrupt its operations, describing it as a "telecom mule as a service" platform that offers earnings based on SMS tasks.

Additionally, four Telegram channels with around 1.53 lakh subscribers and over 53 related YouTube videos promoting the app were also blocked as part of the MHA crackdown against the 'Wingo' app.

The I4C wing then issued a public warning against the 'Wingo' app, pointing out that "Wingo App, which provides earnings based on SMS Task is a 'Telecom Mule as a Service' App, and that citizens are advised to refrain from using the same."

Like the 'Wingo' app, the I4 wing says there are several such apps involved in circulating fake links through SMS, and advised citizens to refrain from downloading or using the application. The I4C cautioned Android users to remain vigilant against such malicious apps.

The I4C was set up by the MHA to provide a comprehensive and coordinated framework to tackle cybercrime in the country. It serves as the central nodal agency for dealing with cybercrime-related issues and works closely with state and Union Territory law enforcement agencies.

I4C plays a key role in identifying emerging cyber threats, analysing cybercrime trends, and coordinating large-scale crackdowns on fraud networks operating through malicious apps, fake websites, mule accounts, and social media platforms. It also works with telecom service providers, internet intermediaries, and global technology platforms to block illegal digital infrastructure such as phishing domains, fraudulent apps, and Command and Control servers used by cybercriminals. (ANI)