FASTag Annual Pass Data Theft Scam — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: CRITICAL
Beware the FASTag Annual Pass Data Theft Scam in India 2026: How to Stay Safe from This Critical Threat
The FASTag Annual Pass Data Theft Scam is a rising cybersecurity threat targeting vehicle owners across India, risking your personal and financial data.
What Is the FASTag Annual Pass Data Theft Scam?
The FASTag Annual Pass Data Theft Scam is a new form of online fraud that targets vehicle owners who use FASTag — the electronic toll collection system endorsed by the National Highways Authority of India (NHAI). This scam preys on people interested in purchasing an annual FASTag pass, which offers convenience and cost savings for toll payments across Indian highways.
Scammers create fake websites that look like official NHAI portals or popular payment platforms, promising discounted annual FASTag passes or special benefits supposedly unavailable elsewhere. They often approach victims via WhatsApp forwards, SMS, or social media advertisements. Due to the widespread use of FASTag—mandated for most vehicles by the Ministry of Road Transport & Highways—this scam affects a large population across urban and rural India.
While specific advisories about this scam from RBI or CERT-In have not been issued yet, the incident aligns with known patterns of phishing and data theft warned against by India’s CERT-In and the Ministry of Electronics & IT. The Indian government continually urges the public to verify websites and links before submitting any personal information online, especially related to payment details like Aadhaar or bank accounts.
How This Scam Works — Step by Step
1. Initial Contact: You might receive a WhatsApp message, SMS, or social media ad claiming to offer an exclusive discount or “limited-time” deal for an annual FASTag pass. The message often includes a link to a website that looks official.
2. Visiting the Fake Site: Clicking the link takes you to a website designed to resemble NHAI’s official site or a trusted payment platform. The site may have logos, terms, and FAQs to build trust.
3. Data Collection: To avail the offer, the site asks for detailed information, including your vehicle registration number, Aadhaar number, phone number, bank details, and FASTag account credentials.
4. Payment Request: The fake site requests an upfront payment via UPI, net banking, or mobile wallet for processing the discounted annual pass. This payment goes directly to the scammer’s account.
5. Data Theft and Misuse: Once you submit data and payment, scammers use your information for further fraud. This can include cloning your FASTag, unauthorized toll deductions, SIM swapping to hijack your phone number, or even identity theft through Aadhaar misuse.
6. Victims Lose Money and Control: The promised annual pass never arrives. Victims find unauthorized transactions on their bank and FASTag accounts, and recovery becomes difficult.
Real Warning Signs to Watch For
- Unsolicited Links: Receiving unexpected WhatsApp or SMS messages offering discounted FASTag passes with links.
- Misspelled URLs: Website addresses that slightly differ from official NHAI or payment portals (e.g., extra letters, misspellings).
- Urgency and Limited-Time Offers: Messages pressuring you to act quickly to avoid missing out.
- Requests for Sensitive Data: Asking for Aadhaar, bank account numbers, or FASTag login credentials upfront.
- Non-Official Payment Methods: Payment requested via personal UPI IDs or mobile wallets rather than secure RBI-approved gateways.
- Poor Website Security: Sites lacking ‘https’ or showing security warnings in your browser.
- No Official Confirmation: Absence of order or payment confirmation from NHAI or your bank after payment.
What Happens to Victims
Victims often face significant financial loss, with money paid for fake passes gone irretrievably. Fraudsters may also misuse Aadhaar details to commit identity theft, opening fake bank accounts or taking loans in the victim’s name. SIM swaps triggered by shared data can lead to loss of mobile number control, impacting UPI transactions and two-factor authentication, making recovery of funds more complex.
The emotional toll is heavy as victims feel violated and anxious about ongoing unauthorized activity. Unlike simple fraud, identity theft can have long-term consequences affecting credit scores and access to government benefits linked to Aadhaar.
What RBI and CERT-In Say
While there is no specific advisory on the FASTag Annual Pass scam as of now, RBI and CERT-In regularly issue guidelines on phishing and data theft schemes:
- RBI advises customers to use only official apps and websites for financial transactions, and never share OTPs, PINs, or passwords.
- CERT-In reminds users to verify URLs carefully, avoid clicking on unsolicited links, and report phishing attempts to the 1930 Cybercrime Helpline.
- The Ministry of Road Transport & Highways has called for vigilance against fraudulent FASTag sellers and unauthorized apps.
For concerns related to digital payments or identity theft, customers can contact RBI’s toll-free helpline 1800-111-555 or CERT-In’s incident reporting portal.
How to Protect Yourself
- Only Buy Annual FASTag Pass Through Official Channels: Use the official NHAI website or apps recognized by the government.
- Verify URLs: Double-check website addresses for authenticity and ensure ‘https’ is present.
- Don't Click Unknown Links: Avoid clicking on unsolicited SMS or WhatsApp messages offering deals.
- Never Share Sensitive Data: Do not provide Aadhaar, bank details, or FASTag credentials on unverified portals.
- Use Secure Payment Methods: Always transact through pages with RBI-approved payment gateways, not personal UPI IDs.
- Keep Your SIM Secure: Avoid sharing phone details that can lead to SIM swapping.
- Monitor Your Accounts Regularly: Check your FASTag and bank statements for unauthorized transactions frequently.
What to Do If You’ve Been Targeted
If you suspect you have fallen victim to this scam:
- Stop Any Further Transactions: Immediately block UPI or net banking apps linked to your FASTag payment.
- Contact Your Bank and FASTag Provider: Inform them about unauthorized transactions to attempt reversals or freeze accounts.
- File a Cybercrime Complaint: Report your case on cybercrime.gov.in or call the 1930 Cybercrime Helpline.
- Inform Telecom Provider: Request a SIM block or reissue to prevent further SIM swap damage.
- Keep Records: Save all messages, transaction IDs, and screenshots for evidence.
- Report to CERT-In: Inform the Indian Computer Emergency Response Team for further investigation.
Frequently Asked Questions
Q1: Can I really get an annual FASTag pass at a discount through third-party websites?
Officially, the NHAI recommends purchasing passes only from its authorized portals or banks. Discounts or special offers from unknown sites are often fraudulent, so it’s safest to avoid them.
Q2: How can I check if a FASTag website is genuine?
Look for the official domain name ending with ‘.gov.in’ or trusted bank URLs. Ensure the site uses ‘https’, but note that ‘https’ alone does not prove a site is genuine, since fraudulent sites can use it too. Avoid links sent through unsolicited messages.
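For readers who triage links programmatically, the URL checks from the warning signs and from Q2 above can be expressed as a small function. This is an added example, not BharatSecure's or NHAI's code; the allowlist entry, the one-edit lookalike threshold, and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the reader maintains this allowlist; the entry below is a sample.
TRUSTED_HOSTS = {"nhai.gov.in"}
TRUSTED_SUFFIXES = (".gov.in",)  # the article's '.gov.in' rule


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return the warning signs a URL matches. An empty list means none
    matched, not that the site is proven genuine."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("no-https")
    if host in TRUSTED_HOSTS or host.endswith(TRUSTED_SUFFIXES):
        return findings
    findings.append("not-official-domain")
    labels = host.replace("-", ".").split(".")
    for good in sorted(TRUSTED_HOSTS):
        brand = good.split(".")[0]
        # Trusted name embedded in a longer host, or a label within one edit of it.
        if good in host or any(edit_distance(l, brand) <= 1 for l in labels):
            findings.append("lookalike:" + good)
    return findings


# Constructed sample links using reserved .example names; not real indicators.
SAMPLES = [
    "https://nhai.gov.in/",
    "http://nhai.gov.in/",
    "https://nhaii-annualpass.example/offer",
    "https://nhai.gov.in.pass-offer.example/pay",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, check_url(link))
```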
Q3: What immediate steps should I take if I shared my FASTag or Aadhaar info on a suspicious site?
Immediately change all related passwords, notify your bank and FASTag provider, and file a complaint on the cybercrime portal. Also, monitor your accounts closely for any unusual activity.
If you receive suspicious messages or want to verify offers related to FASTag or digital payments, visit BharatSecure.app for trusted guidance and report fraud to the 1930 helpline to protect yourself and others.
Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.