Beware! Fake RTO e-challan websites can steal your bank details
What's the story
A massive online scam has been uncovered, targeting Indian vehicle owners through fake Regional Transport Office (RTO) e-Challan websites. The fraudulent sites mimic official government portals, tricking unsuspecting users into providing their personal and banking information. The scheme was exposed by cybersecurity firm Cyble, which discovered over 36 such deceptive platforms.
Deceptive tactics
Scammers use SMS to lure victims
Unlike previous scams that relied on fake apps or malware, this one uses a more subtle approach. The fraudsters send an SMS from an Indian number registered with Reliance Jio, which is also linked to a State Bank of India (SBI) account. The message informs the recipient about a pending traffic fine and warns of potential consequences like license suspension or legal action if not paid promptly.
Website mimicry
Fake websites replicate government portals
The link in the scam SMS leads to a website that looks just like the real government portal. It features the same logos, colors, and even government symbols such as MoRTH and NIC. As soon as you enter your vehicle number on this fake site, it shows a bogus challan record instantly, regardless of whether there's an actual fine or not.
Data theft
Payment page steals card details
The fake website's payment page only asks for credit or debit card details, avoiding UPI or net banking options. This is because UPI payments are traceable but card details aren't. Once you enter your card number, CVV, and expiry date on this page, the information is silently forwarded to the scammer's system. The site even shows fake messages like "Payment is being processed by Indian banks" to give a false sense of security while stealing data.
Wider impact
Scammers target delivery apps and banks too
The same scam method has also been used against delivery apps and banks. Fake DTDC and Delhivery websites were found using the same design and trick. Some even masquerade as HSBC bank payment pages. This highlights the widespread nature of this fraudulent scheme, which goes beyond just targeting vehicle owners through fake RTO e-Challan sites.
Safety measures
How to protect yourself from this scam
To stay safe from such scams, be vigilant and avoid clicking on links in SMS messages about traffic fines. Instead, visit the official Parivahan website directly to check your challan status. Look out for minor spelling errors or unusual extensions in fake websites' names. If a site only accepts card payments, close it immediately. Report any suspicious messages to cybercrime authorities as well.