In light of the growing prevalence of e-challan scams, the Indian Computer Emergency Response Team (CERT-In) has released some crucial advice to prevent individuals from becoming victims and suffering financial loss.
Nearly 4400 devices have been infected with malware, resulting in approximately Rs 16 lakh worth of fraudulent transactions, according to a recent PTI report. Users are tricked into falling for these scams by Vietnamese hackers who employ Android malware.
As part of the campaign, the victims receive a fraudulent e-challan message on WhatsApp containing a fake payment link. By clicking the link, hackers are able to access the device.
Modus operandi
Phishing messages: You receive a text message or email claiming to be from an authentic traffic authority. The notification states that you have an unpaid traffic penalty and imposes a significant charge.
Fake links: The mail will include a link that will prompt you to click to check the e-challan details or complete the payment.
Spoofed websites: Clicking the link may direct you to a fraudulent website that appears to be an actual traffic authority website. This website is designed to steal your personal information, such as credit card information, login credentials, or Aadhaar numbers.
Prevention tips
Visit official site: The government security agency recommends users to only make e-challan payments using official websites. It's vital to note that each state has its own e-challan website. Legitimate e-challan websites typically end with a ".gov.in" domain extension. So, before making a payment, make sure you're using the right website.
Don't click on suspicious links: As previously said, it's best to avoid clicking on random links. This might have harmful software on it that could harm your device.
Use antivirus software: Antivirus software is able to search for, identify, and prevent this kind of malware from infecting the device. Make sure the antivirus program is updated and has the latest available database.
If you have been a victim of financial fraud, you can file a report with your local police station as well as the cybercrime portal.