A fresh surge in phishing scams is targeting citizens through fraudulent “e-challan” SMS messages, prompting new warnings from the Indian Cyber Crime Coordination Centre under the Ministry of Home Affairs. According to officials, victims receive text messages claiming a traffic e-challan has been issued against their vehicle. The SMS typically includes a link urging immediate payment to avoid penalties. Trusting the message to be genuine, recipients click on the link and are redirected to a fake website that closely mimics the official M-Parivahan portal of the Ministry of Road Transport and Highways.

Cyber experts explain that this is where the phishing process begins. The counterfeit site asks users to enter sensitive details such as vehicle number, mobile number, OTPs, and even banking or card information under the guise of settling the challan. Once submitted, the data is captured by cybercriminals, who then siphon funds from bank accounts or misuse the information for further fraud.

The I4C has reported a noticeable rise in such SMS-based phishing campaigns, especially in urban areas where digital traffic enforcement systems are common. Scammers exploit public familiarity with legitimate e-challan systems to create panic, often threatening heavy fines or legal consequences for non-payment.

Authorities have clarified that genuine e-challans are issued only through authorised government platforms. Citizens are advised to verify any notice directly via official state traffic police websites or the Parivahan portal rather than clicking on SMS links. The latest advisory urges people not to click on suspicious links, share OTPs, or disclose financial information on unverified websites. The I4C has asked victims to immediately report incidents to the national cybercrime helpline 1930 or through the official cybercrime reporting portal to limit financial damage. As phishing tactics grow more sophisticated, the agency has warned that even a single click on a fake e-challan link can trigger a chain of digital fraud, highlighting the importance of vigilance.

The Ministry of Home Affairs recently geo-blocked command-and-control servers linked to the ‘Wingo’ app network, describing it as a “telecom mule as a service” platform that offers earnings for SMS-based tasks. Authorities also blocked four Telegram channels with around 1.53 lakh subscribers and more than 53 related YouTube videos promoting the app as part of the crackdown. The I4C subsequently issued a public warning against the Wingo app, cautioning citizens against downloading or using it. The agency noted that several similar apps are involved in spreading malicious SMS links and advised Android users to stay particularly alert.

Established by the Ministry of Home Affairs, the Indian Cyber Crime Coordination Centre serves as the central nodal agency for addressing cybercrime in India. It works closely with state and Union Territory law enforcement agencies to identify emerging threats, analyse cybercrime trends, and coordinate large-scale actions against fraud networks operating through fake websites, malicious apps, mule accounts, and social media platforms. It also collaborates with telecom providers and technology companies to block phishing domains, fraudulent applications, and command-and-control servers used by cybercriminals.