Smart Consumer

Cyber Fraud in Bengaluru: Techie Loses ₹5 Lakh After Clicking Fake Website Link to Clear ₹500 Traffic Challan

A Bengaluru software professional lost ₹5 lakh after clicking a fake traffic challan link, highlighting the growing threat of e-challan phishing scams across India.

Syed Muskan Shafiq

January 22, 2026

A 45-year-old software professional in Bengaluru lost ₹5 lakh after clicking a fraudulent link claiming a pending traffic challan of ₹500, exposing a growing wave of fake e-challan scams that are duping motorists across India and prompting police warnings.

On the morning of 16 January, the Bengaluru resident received an SMS from an unknown number alleging she had a traffic violator fine pending of ₹500. Included was a shortened URL – lihi.cc/LcbFG – purporting to lead to an e-challan payment site.

Trusting its authenticity, she clicked the link and entered her banking details to “pay” the fine. Within hours, she discovered unauthorised transactions had depleted her bank account by approximately ₹5 lakh. Police have since registered a complaint and launched an investigation against unidentified fraudsters.

Cybercrime units in Bengaluru and other cities have emphasised that official traffic challans are never communicated via suspicious links or APK files in SMS or WhatsApp messages.

Fraudsters are instead mimicking government portals and notifications with alarming accuracy, often auto-populating vehicle registration numbers to lend credibility.

Rising Tide of Fake E-Challan and Malware-Linked Scams

This Bengaluru incident is not isolated. Law enforcement agencies and cybersecurity researchers report an uptick in “e-challan” scams nationwide, leveraging phishing techniques and malicious mobile applications.

In Hyderabad, four individuals collectively lost over ₹11 lakh after responding to fake traffic challan messages that delivered Android Package Kit (APK) files disguised as official RTO applications; installing these files granted fraudsters access to personal and financial data, leading to immediate theft.

Similarly, in Mumbai, a 53-year-old businessman lost nearly ₹9.71 lakh after a fraudulent “RTO Challan.apk” file was installed on his phone, allowing cybercriminals remote control and unfettered access to his banking apps to siphon funds.

Police investigations are ongoing, analysing WhatsApp metadata and bank records to trace the culprits.

Cybersecurity firm CloudSEK has also flagged international threat actors exploiting these tactics. In a report, researchers identified malware distributed under the pretext of e-challan and vehicle services including Wromba family malware linked to Vietnamese operators that steals contacts and SMS messages, intercepts one-time passwords (OTPs), and leverages victims’ devices to defraud further contacts.

The dangers extend beyond financial loss. Delhi Police have cautioned that malicious links may install malware enabling remote access to devices, infiltrate secure applications, and even compromise users’ digital identities and private communications.

What Police and Officials Are Saying

Authorities from multiple states have urged vigilance and adherence to digital safety norms. Hyderabad’s City Police Commissioner V.C. Sajjanar publicly warned of a sharp increase in fake traffic challan scams, urging citizens to verify challans only via official government portals such as Parivahan.gov.in and to report suspicious communications.

In neighbouring Telangana’s Khairatabad zone, DCP K. Shilpavalli revealed that even her own mobile phone received fraudulent challan messages in quick succession.

Recognising the messages as fake, she reported them to the Central Government’s Sanchar Saathi portal and took to social media to raise public awareness, reminding users that genuine government traffic websites always end in “.gov.in”.

In Delhi, police warned residents that no traffic police unit, bank, or government agency sends APK files or external links claiming unpaid fines.

“Any message coming from a personal number or lacking proper government or police identifiers should be treated with suspicion,” a senior officer said, underscoring the fraudulent nature of recent “challan” alerts.

How the Scams Operate

Experts explain that scammers use several methods to ensnare victims:

Phishing Links: Messages include seemingly official URLs redirecting users to malicious webpages designed to harvest card numbers, CVV codes, and sometimes OTPs.
Malicious APK Files: Fraudulent applications masquerading as government or traffic services get users to install them, granting deep access to the device.
Social Engineering: Messages often include vehicle details, prompt urgent action, or mimic branding to exploit fear of penalties.

Once installed or accessed, these tools can automatically send out similar scam messages to the victim’s contacts, creating a network effect that amplifies reach and damage.

Victims report that sometimes even card details – without OTP – can be enough for fraudsters to initiate unauthorised transactions, especially through international gateways or gift card purchases, making recovery difficult once the transfers are completed.

Digital Safety Tips and Public Awareness

Police and cybersecurity experts recommend:

Do not click on links or download attachments from unknown or unsolicited messages, especially regarding fines or payments.
Verify traffic challans only on official Government portals such as the Ministry of Road Transport and Highways Parivahan website.
Disable “install from unknown sources” on mobile devices to prevent rogue APK installations.
Immediately report suspicious messages to cybercrime helplines (e.g. 1930 in India) and register complaints on official portals like cybercrime.gov.in.

Banks and payment service providers are also urged to send transaction alerts in real time and help victims file chargebacks where possible to mitigate losses.

The Logical Indian’s Perspective

These incidents highlight a troubling reality: fraudsters are evolving as rapidly as digital services are expanding. While our increased reliance on online systems brings undeniable convenience, it also ushers in new risks that demand collective responsibility.

Victims of such scams are often left not only financially strained but also emotionally shaken, underscoring the importance of public education on cyber hygiene.

We must prioritise digital awareness, reinforce community vigilance, and ensure that both individuals and authorities share responsibility in preventing such harm.

Scams thrive on urgency, fear, and information gaps -our defence lies in careful verification, open discussion, and mutual support

You think you are safe because you didn't click "Submit"? Think again. 🚨💸

A dangerous new E-Challan Scam is spreading in India, and the technology behind it is terrifying.

The Scam Mechanism:

SMS: You get a message saying "Pending Traffic Challan" with a link.

Site: It… pic.twitter.com/OWDMjt0lnW
— PaidFreeDroid (@PaidFreeDroid) January 21, 2026

#PoweredByYou We bring you news and stories that are worth your attention! Stories that are relevant, reliable, contextual and unbiased. If you read us, watch us, and like what we do, then show us some love! Good journalism is expensive to produce and we have come this far only with your support. Keep encouraging independent media organisations and independent journalists. We always want to remain answerable to you and not to anyone else.