Cloned E-Challan Portal Payment Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Beware of Cloned E-Challan Portal Payment Fraud in India 2026: Protect Your UPI Payments

Scammers in India are increasingly targeting traffic fine payers with fake e-challan websites that steal your money via UPI.

What Is the Cloned E-Challan Portal Payment Fraud?

The Cloned E-Challan Portal Payment Fraud is a rising cybercrime where fraudsters create fake versions of India's official e-challan websites used for paying traffic penalties. These clones closely mimic the legitimate Parivahan e-challan portal but have subtle differences—most notably, they lack the official “.gov.in” domain. Through these fraudulent sites, scammers trick victims into making payments, which instead go directly to the fraudsters’ UPI accounts.

This scam primarily targets people who frequently pay traffic fines online—a growing segment of urban and tech-savvy Indians comfortable with digital payments. Fraudsters capitalize on the trust people place in government digital services and the convenience of UPI for instant payments. The scam is becoming widespread, with multiple public complaints reported across states, especially in metropolitan areas like Delhi, Mumbai, Bangalore, and Chennai.

Indian cybersecurity agencies including CERT-In and the Ministry of Home Affairs’ I4C (Indian Cyber Crime Coordination Centre) have alerted the public about such cloned government payment portals. Though no specific RBI advisory is issued for this scam as yet, this fraud falls under the RBI’s guidelines on UPI security and user protection measures.

How This Scam Works — Step by Step

1. Initial Contact: The victim receives an SMS or email, often appearing to be from the traffic police or another official government agency. The message states that the user has unpaid traffic fines and includes a link to the “online payment portal.”

2. Link and Portal: The link leads to a website almost identical in layout and design to the official Parivahan site but with a suspicious URL—usually missing the “.gov.in” suffix or containing extra characters or misspellings.

3. Payment Request: The victim is prompted to enter details such as vehicle number, license number, or Aadhaar number, followed by the fine amount to pay.

4. UPI Payment: Instead of taking payment through the official government gateway, the site provides a UPI ID (e.g., us**@bank) linked to the scammers and asks the victim to complete the payment manually via their UPI app.

5. Loss Realized: Once the payment is made, the money is transferred to the fraudsters’ account instantly. The victim receives no official receipt or confirmation through the real e-challan system.

6. Spread through Social Media: Meanwhile, the scammers distribute the cloned payment portals via WhatsApp groups, Facebook, or Instagram to amplify the scam and ensnare more victims.

Real Warning Signs to Watch For

• The URL doesn’t end with “.gov.in” but closely resembles official domains.
• Payment is requested through a UPI ID instead of official secure payment gateways.
• Unexpected or vague SMS/email about unpaid fines without prior notice.
• Urgent language pressuring you to pay quickly.
• Official logos or formatting look pixelated, inconsistent, or outdated.
• Request for your Aadhaar or sensitive personal information.
• Messages forwarded multiple times on WhatsApp or social media without verification.

What Happens to Victims

Victims suffer immediate financial losses as the scammer-controlled UPI accounts receive the fine payments. Because the payment goes outside official channels, RBI’s usual mechanisms for UPI payment disputes or reversals rarely apply. Victims cannot prove that they made a legitimate fine payment, leading to ongoing legal complications or repeated penalty notices.

Emotionally, victims may face stress, frustration, and loss of trust in digital government services. The scam can compound with Aadhaar misuse if personal details are collected during the fake payment process. Victims with stolen SIM cards or those experiencing SIM swap fraud after interacting with these messages may face risks to other bank accounts or digital wallets linked to their mobile number.

What RBI and CERT-In Say

The Reserve Bank of India mandates secure practices for UPI transactions and has repeatedly cautioned users to verify payee details before making payments. CERT-In advises users to be vigilant of phishing and spoofing attempts in digital communications, highlighting government portal cloning as a threat.

The Indian Cyber Crime Coordination Centre (I4C) recommends reporting such scams promptly via cybercrime.gov.in or calling the national cybercrime helpline at 1930. These agencies emphasize that genuine government portals will always use official domains ending in “.gov.in” and never request direct manual UPI payments to unknown accounts.

How to Protect Yourself

1. Always verify the URL of any e-challan or government payment link to confirm it ends with “.gov.in.”
2. Avoid clicking on SMS or email links; instead, manually visit the official Parivahan site or use trusted government apps.
3. Never make traffic fine payments via UPI IDs supplied in messages or emails—always use official payment systems integrated by the government.
4. Check with your local traffic police website or helpline before responding to any payment demand.
5. Protect your Aadhaar and other personal details; do not share them on suspicious portals.
6. Use multi-factor authentication on your UPI and mobile banking apps.
7. Regularly update your phone’s software and security patches to reduce vulnerability to SIM swap and malware attacks.

What to Do If You’ve Been Targeted

1. Immediately contact your bank or UPI app provider to report unauthorized payments and block further transactions.
2. File a complaint with your nearest cybercrime cell or register online at cybercrime.gov.in.
3. Report the incident to the national cybercrime helpline at 1930 for guidance and coordination.
4. Inform the issuing traffic police department about the fraud to prevent further penalties on your vehicle.
5. Change all passwords linked to your digital payment and email accounts.
6. Monitor your Aadhaar-linked services and credit reports for unusual activity.

Frequently Asked Questions

Q: How can I tell if an e-challan payment link is genuine?
A: Genuine e-challan portals always use official government domains ending with “.gov.in.” Never trust URLs that mimic this but lack the suffix or have unusual spelling. Also, official payments are processed through integrated payment gateways, not via manual UPI ID transfers.

Q: Can I get my money back if I pay on a cloned e-challan website?
A: Recovering money sent to scammer UPI accounts is difficult because payments are immediate and authorized by the user. You should report the fraud to your bank and cybercrime authorities promptly; sometimes banks may support dispute resolution but it is not guaranteed.

Q: What should I do if I receive an SMS about traffic fines but didn’t commit any violation?
A: Do not click on any links or make payments. Verify your vehicle status directly on official government portals or contact local traffic police. Fraudsters often use this tactic to lure victims who may panic or feel pressured.

For any suspicious message or link related to e-challan payments, verify its authenticity immediately at BharatSecure.app and report fraud at the national cybercrime helpline 1930.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.