Indian e-Challan SMS Phishing to Browser Portal — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: HIGH | View Full Scam Details

Beware the 2026 Indian e-Challan SMS Phishing Scam Leading to Fake Browser Portals

In 2026, vehicle owners across India face rising threats from an urgent-sounding e-Challan SMS phishing scam that tricks victims into handing over money and personal data via fake browser portals.

What Is the Indian e-Challan SMS Phishing to Browser Portal?

This scam targets drivers and vehicle owners by sending fraudulent SMS messages that appear to be official electronic traffic fine (e-Challan) notices. The messages claim the recipient has unpaid fines and warns of legal consequences or vehicle seizure if action is not taken immediately. Such urgent language is designed to panic recipients into responding quickly without verifying the source.

The SMS messages usually come from unknown or suspicious numbers, and sometimes fraudsters attempt to mimic local mobile operator IDs like those of Reliance Jio. However, they are not sent from authorised government sender IDs, making them fake. These texts contain a hyperlink directing the recipient to a counterfeit e-Challan payment portal designed to look official.

This phishing technique has spread widely in India, especially in metro cities where digital payments and online vehicle services are common. According to public complaints registered with cybercrime cells and advisories from CERT-In, this scam is increasingly reported. The scam builds on the expanding use of online traffic fine payments but exploits lack of public awareness about government communication channels.

How This Scam Works — Step by Step

1. Fake SMS Arrival: The targeted vehicle owner receives an SMS saying they owe an unpaid fine. The message may say something like, “Your vehicle has a pending e-Challan. Pay Rs. 500 penalty or face vehicle seizure,” and include a clickable link.

2. Urgency and Fear Tactics: The SMS uses urgent language, threatening legal action or immediate penalties to rush the recipient.

3. Link to Phishing Portal: The victim clicks the link and is taken to a browser page that looks like a government e-Challan site.

4. Request for Details and Payments: On this fake site, the victim is asked to enter personal details — often Aadhaar numbers, vehicle registration info, or mobile numbers — and then prompted to pay the fine via UPI or debit/credit card.

5. Payment and Data Theft: When the victim pays using UPI apps or enters card information, both money and sensitive data are captured by scammers.

6. Aftermath: Scammers may attempt further frauds using stolen Aadhaar details or bank info, including unauthorized money transfers or SIM swap frauds.

Real Warning Signs to Watch For

• SMS from unknown or non-governmental sender IDs, sometimes mimicking telecom providers but not official government sender numbers.
• Grammatical errors, unusual phrasing, or suspicious URLs in the SMS link.
• Immediate threats of vehicle seizure or legal action demanding urgent payment.
• Links redirecting to browser portals rather than official government apps or websites (e.g., transport department or state traffic police domains).
• Requests for Aadhaar details or multiple personal data points on payment portals.
• Payment requests via UPI or card without secure HTTPS or government digital payment channels.
• No reference or ability to verify challan details independently on government transport portals.

What Happens to Victims

Victims typically suffer financial loss since UPI and bank payments made to scammers are seldom reversible—RBI rules permit limited chargeback options only for authorized merchants. Besides losing money, there is risk to identity privacy especially if Aadhaar or mobile numbers are exposed. This can lead to SIM swapping scams where fraudsters take over mobile numbers to authorize other fraudulent transactions.

Emotionally, victims often feel stressed and scared, fearing legal penalty or government action. They may also struggle to reclaim funds or clear their names, especially when unaware of the official channels for traffic fines. The spread of such scams undermines trust in digital services like DigiLocker and UPI that millions rely on daily in India.

What RBI and CERT-In Say

RBI has issued general advisories urging bank customers not to share OTPs or PINs and to always verify UPI payment requests carefully. CERT-In recommends vigilance against phishing links received by SMS or email, highlighting the rise in government-related phishing attacks.

The Ministry of Home Affairs’ Indian Cyber Crime Coordination Centre (I4C) supports filing cybercrime complaints on cybercrime.gov.in and emphasizes using the dedicated cybercrime helpline number 1930 for immediate reporting.

While no specific advisory solely on e-Challan SMS phishing exists publicly, the regulatory framework encourages verifying messages through official transport department websites or apps and warns against following unfamiliar links.

How to Protect Yourself

1. Always verify e-Challan fines directly via official transport department websites or through state police portals, not by clicking on SMS links.
2. Ignore SMS messages from unknown numbers or that do not come from government sender IDs.
3. Never share OTPs, Aadhaar numbers, or banking details on websites linked from unsolicited messages.
4. Use the government’s DigiLocker or mParivahan app to check traffic fines rather than unknown portals.
5. If you must pay fines online, type the official web address manually rather than clicking random links.
6. Enable UPI PIN and transaction alerts so you can detect unauthorized payments quickly.
7. Report suspicious SMS or calls immediately to the 1930 cybercrime helpline and your bank.

What to Do If You’ve Been Targeted

• Stop any ongoing payment or data entry immediately once you suspect a scam.
• Contact your bank to block or freeze transactions and your UPI ID.
• Report the incident to the police cybercrime wing and file a complaint at cybercrime.gov.in.
• Call the 1930 cybercrime helpline for guidance on steps to protect your identity and finances.
• Change passwords and UPI PINs for all digital payment and Aadhaar-linked services.
• Inform your mobile operator to check for SIM swap attempts.
• Keep all evidence such as the SMS text, screenshots of the portal, and transaction receipts for investigation.

Frequently Asked Questions

Q: How can I verify if an e-Challan SMS is genuine?
A: Always cross-check your vehicle’s e-Challan status on official government transport websites, DigiLocker, or mParivahan app. Do not click on links received in SMS from unknown numbers.

Q: What should I do if I accidentally paid on a fake e-Challan portal?
A: Immediately inform your bank to try and block or reverse the transaction if possible, report to police cybercrime cells, and notify the 1930 helpline to record your complaint.

Q: Are UPI payments reversible if sent to fraudsters?
A: UPI transactions generally cannot be reversed easily once completed. Immediate reporting to your bank and police increases chances of recovery but prevention is best.

For your safety, always verify suspicious e-Challan or government communication on BharatSecure.app before taking action. Report any fraud attempt to the 1930 cybercrime helpline promptly.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.