FASTag Official Portal Impersonation Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: FASTag Official Portal Impersonation Scam Hits Indian Vehicle Owners

The FASTag Official Portal Impersonation Scam is a new and serious phishing threat targeting millions of Indian FASTag users, putting their bank accounts and Aadhaar-linked details at high risk.

What Is the FASTag Official Portal Impersonation Scam?

In 2026, as FASTag use becomes mandatory for toll payments across India, cybercriminals have found a lucrative opportunity. The FASTag Official Portal Impersonation Scam involves fraudsters creating fake websites that mimic the National Highways Authority of India (NHAI) FASTag portal. These fake sites look almost identical to the official site but use URLs with slight changes — for example, “nhai-fastag.com” instead of the authentic “nhai.gov.in”.

This scam primarily targets Indian vehicle owners who rely on FASTag for seamless electronic toll collection. Scammers are actively sending phishing links through WhatsApp messages, SMS, and even cold calls pretending to be NHAI customer support agents. Victims are encouraged to enter personal data such as Aadhaar numbers, bank details, and mobile numbers linked with their UPI apps or mobile banking. Once scammers harvest this data, they can initiate unauthorised transactions, including emptying bank accounts via UPI or SIM swapping to bypass OTPs.

The scam is widespread across urban and semi-urban India, with complaints rising in states like Maharashtra, Tamil Nadu, and Delhi NCR. CERT-In (Computer Emergency Response Team – India) has recently issued warnings about such phishing attempts targeting government-related portals. The Reserve Bank of India (RBI) also regularly cautions users to avoid clicking on suspicious links related to financial services.

How This Scam Works — Step by Step

1. Initial Contact: The victim receives a WhatsApp message or SMS claiming to be from NHAI support. The message usually contains a link to verify FASTag status, update details, or claim a refund/discount.

2. Visiting the Fake Site: The user clicks the link, which leads to a website that looks just like the official NHAI FASTag portal but uses a slightly different URL.

3. Data Entry: The fake portal prompts the user to enter sensitive details—Aadhaar number, vehicle registration, mobile number, and sometimes even bank account or UPI PIN information under the guise of "verification."

4. Data Harvesting: Once the victim submits the details, scammers steal them immediately. They use this information to gain control over the user’s bank accounts or conduct identity theft.

5. Financial Loss: Using UPI frauds, SIM swapping, or unauthorized bank transfers, the scammers siphon off money from victims’ accounts, often leaving them distressed and helpless.

6. Covering Tracks: Scammers may also block the victim’s phone or block communication channels to make recovery difficult.

Real Warning Signs to Watch For

• URLs that are close but not exactly “nhai.gov.in” — look for extra words, missing dots, or unusual endings like ".com."
• Any message or call insisting on urgent action, offering rewards or refunds for FASTag without verification.
• Requests to share Aadhaar number, bank account details, or UPI PIN on websites or calls.
• Poor website design, grammar mistakes, or misspellings on customer support messages.
• Links received from unknown or unsaved WhatsApp contacts, or forwarded messages promising easy toll refunds.
• Calls from “NHAI officials” asking for OTPs or banking app credentials.
• Pressure tactics like “Your FASTag will be deactivated immediately unless you update details now.”

What Happens to Victims

Victims of this scam often suffer immediate financial losses as scammers swiftly transfer money using UPI or mobile banking apps. Since UPI transactions are instant and irreversible in most cases, recovering funds becomes difficult. Additionally, misuse of Aadhaar details can lead to identity theft—fake loans or accounts can be opened in victims’ names, causing long-term damage.

Victims may also face SIM swap fraud, where scammers convince mobile operators to issue a new SIM, gaining full control over the victim’s phone number. This enables them to bypass two-factor authentication (2FA) and drain bank accounts. Apart from financial harm, victims experience stress, anxiety, and frustration dealing with blocked accounts, police reports, and cybercrime complaints.

What RBI and CERT-In Say

RBI’s cybersecurity guidelines emphasize never to share your UPI PIN, passwords, or OTP with anyone, including government officials. The regulator has instructed banks to enhance customer awareness and monitor suspicious transactions closely.

CERT-In has raised alerts for phishing scams targeting government-related digital services. They urge users to verify URLs carefully and report suspicious activity through government portals or the 1930 Cybercrime Helpline. Both institutions support the crackdown on such scams and encourage Indians to remain vigilant, especially regarding unsolicited calls or links.

How to Protect Yourself

1. Always access FASTag services by typing https://nhai.gov.in directly into your browser—never click on links received via WhatsApp or SMS.
2. Do not share your Aadhaar number, bank details, OTPs, or UPI PIN on any website or phone call.
3. Verify the sender’s identity if contacted about FASTag issues—contact NHAI customer care through official numbers only.
4. Check website URLs carefully for spelling errors or suspicious characters.
5. Use UPI app transaction alerts and regularly review your bank statements for unfamiliar transactions.
6. Enable two-factor authentication (2FA) on your mobile banking and UPI apps.
7. Install an updated security app and keep your phone’s operating system patched to reduce malware risk.

What to Do If You’ve Been Targeted

1. Immediately block your bank cards and freeze your accounts by calling your bank’s helpline.
2. Report the fraud to your bank and request a UPI transaction reversal if possible.
3. File a complaint with the Indian Cyber Crime Coordination Centre (I4C) via cybercrime.gov.in.
4. Call the 1930 Cybercrime Helpline for guidance and help in reporting.
5. Inform your mobile operator to prevent SIM swapping or request a number lock.
6. Lodge a police complaint mentioning all communication details, including fake URLs and message screenshots.
7. Change all passwords related to your email, UPI, and banking apps.

Frequently Asked Questions

Q: How can I tell if a FASTag website is genuine?
A: Always check that the URL is exactly “https://nhai.gov.in” with no extra characters or mistakes. The official site will have proper SSL certification shown by a padlock icon near the address bar.

Q: Will NHAI ever call me asking for personal bank or Aadhaar details?
A: No, government agencies like NHAI never ask for PINs, OTPs, or Aadhaar details over calls or WhatsApp messages. Be suspicious of any such communication.

Q: If I accidentally shared my details, can I get my money back?
A: Contact your bank immediately and report the fraud. While RBI allows limited reversal of fraudulent UPI transactions, speedy reporting increases chances of recovery. Also, file a complaint with cybercrime authorities.

Your digital safety matters. Always verify suspicious messages or links before clicking by visiting BharatSecure.app — India’s trusted platform to keep you safe from online fraud scams. Stay alert, stay secure!