New Delhi: A major cyber fraud campaign targeting Indian vehicle owners through fake RTO e-Challan portals has been uncovered by Cyble Research and Intelligence Labs (CRIL).
The browser-based phishing operation has identified more than 36 fraudulent domains impersonating legitimate government traffic fine websites, marking a shift from earlier malware-driven attacks.
According to the report, victims receive SMS messages claiming unpaid traffic challans, often accompanied by threats of licence suspension or legal action.
These messages include shortened links that redirect users to cloned portals mimicking official Ministry of Road Transport and Highways branding.
The fake sites generate realistic-looking violation details and modest fine amounts to pressure users into quick payments, despite no backend verification taking place.
The scam deliberately restricts payment options to credit and debit cards, harvesting sensitive details such as card numbers, CVV and expiry dates, while avoiding traceable UPI or net banking routes.
Investigators found the campaign uses Indian mobile numbers registered with Reliance Jio and bank accounts linked to the State Bank of India to enhance credibility.
CRIL also flagged shared infrastructure being used to target banking and logistics customers through fake HSBC, DTDC and Delhivery portals, indicating a professional, multi-sector phishing operation.
Several malicious domains remain active, highlighting the ongoing risk to consumers.
