Remote-Access App FASTag Verification Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Beware of Remote-Access App FASTag Verification Fraud in India 2026: Protect Your UPI and KYC Details

Scammers posing as officials from Paytm, banks, or NHAI are tricking people into sharing remote-access app permissions under the pretext of FASTag verification, leading to serious financial loss.

What Is the Remote-Access App FASTag Verification Fraud?

This high-risk scam targets Indian digital payment users, especially those who recently used FASTag services or UPI for toll payments and banking. Fraudsters exploit the growing necessity of FASTag verification—mandated by the National Highways Authority of India (NHAI) for automated toll collection—to pressure people into revealing sensitive details like OTPs and bank KYC data.

Reported across several states, this fraud is gaining traction in 2026 as more people link their bank accounts and Aadhaar to FASTag. Scammers use social media, WhatsApp groups, and forums where users seek help on FASTag issues to identify victims. They then call impersonating representatives from trusted entities like major banks, Paytm, or NHAI toll services. The urgency created around verifying FASTag or updating KYC compels many to comply without proper checks.

The Indian Computer Emergency Response Team (CERT-In) and the Indian Cyber Crime Coordination Centre (I4C) have recently issued alerts reminding people to avoid sharing remote access or OTPs with unknown callers, especially under requests related to FASTag or UPI transactions. The Reserve Bank of India (RBI) also advises caution when receiving unsolicited calls asking for banking details or app installation.

How This Scam Works — Step by Step

1. Victim Identification: Scammers scan social media platforms, Telegram or WhatsApp groups, and online forums where people discuss FASTag problems or UPI transactions. Users posting queries become targets.

2. Initial Call or Message: The victim receives an unsolicited call from a caller claiming to be from Paytm customer support, a major bank, or NHAI FASTag helpdesk. The caller warns about urgent FASTag verification failure or KYC issues that might block toll payments.

3. Building Trust: The caller uses official-sounding language, may quote partial details of the victim’s FASTag account or bank, creating a false impression of legitimacy.

4. Request to Install Remote-Access App: To “verify” the victim’s FASTag or update KYC, the caller instructs the victim to download a remote-access app (like TeamViewer, AnyDesk, or other similar apps) on their smartphone.

5. Gaining Control: Once the victim installs and grants permission, the scammer remotely controls the device, accessing banking apps, UPI dashboards, or other financial apps linked to FASTag or Aadhaar.

6. OTP and UPI Transaction Fraud: The scammer triggers transactions, then asks the victim to share OTPs received on their phone — or directly initiates UPI payment requests. Since they control the remote-access app, the victim often cannot stop or cancel these transactions.

7. Money Drained: Using the control and OTPs, the scammer transfers money out of the victim's linked bank accounts, sometimes draining recurring payments setups or fixed deposits authorized via UPI mandates.

Real Warning Signs to Watch For

• Unsolicited calls claiming urgent FASTag or KYC issues, especially when you haven’t initiated any related request.
• Callers pressuring you to install remote-access apps immediately.
• Requests to share OTPs received on SMS or banking apps.
• Caller refusing to give official callback numbers or insisting on continued remote session.
• Messages or calls claiming to be from NHAI or banks but from unknown phone numbers.
• Any demand to share Aadhaar or PAN details as part of urgent verification over phone.
• Prompting immediate action without time to verify credentials or contact official customer care.

What Happens to Victims

Victims often suffer severe financial loss, as scammers drain their linked bank accounts via UPI payments authorized through the remote-access app. Once money leaves the bank, RBI and banks’ grievance redressal mechanisms make recovery difficult — UPI transactions are usually irreversible if made with OTP consent.

Additionally, device control compromises personal data, Aadhaar information, and other banking credentials, increasing risk of identity theft. Some victims face emotional distress and mistrust of digital payments, impacting their daily lives and mobility reliant on FASTag.

SIM swap frauds sometimes compound this by intercepting OTPs, leaving account holders unable to recover lost funds quickly. Reports to cybercrime authorities show growing numbers of these cases nationwide.

What RBI and CERT-In Say

The RBI regularly warns banking customers to never share OTPs or passwords with anyone, even if they claim to be bank officials. The CERT-In issues advisories emphasizing NOT to grant remote access to unknown callers or install apps on request from unverified sources.

The 1930 cybercrime helpline provides government assistance for reporting digital fraud. RBI’s helpline (phone numbers available on RBI’s official website) helps victims with banking transaction issues. The Indian Cyber Crime Coordination Centre (I4C) assists in complaints related to financial fraud.

Together, these agencies stress that banks or government agencies will never ask for sensitive data or app installations to verify FASTag or KYC over unsolicited calls.

How to Protect Yourself

1. Never install remote-access apps or grant device control to callers claiming to be from banks, Paytm, or NHAI unless you initiated the contact through official customer service.
2. Do not share OTPs, Aadhaar, PAN, or bank passwords over phone or WhatsApp.
3. Verify caller identity by calling back official bank or FASTag helpline numbers listed on verified websites.
4. Keep your smartphone OS and banking apps updated to reduce vulnerabilities.
5. Regularly monitor your UPI and bank account transactions on apps or internet banking for any unauthorized activity.
6. Use official FASTag apps or portals for any KYC updates or FASTag issues; avoid third-party links.
7. Set UPI transaction limits as per comfort to minimize losses if fraud occurs.

What to Do If You've Been Targeted

• Immediately disconnect the remote access session and uninstall the suspicious app.
• Block and Do Not Disturb (DND) the caller’s number.
• Change passwords and UPI PINs linked to your bank accounts.
• Report the incident at cybercrime.gov.in or call the 1930 cybercrime helpline.
• Inform your bank immediately to freeze or monitor accounts for unusual transactions.
• File a police complaint with local cybercrime authorities providing all details — call logs, messages, app info.
• Keep track of all communications and receipts for follow-up.

Frequently Asked Questions

Q: Can FASTag or NHAI officials call me to verify KYC?
A: No. Official FASTag or NHAI agencies do not call customers unsolicited for KYC updates or OTP requests. Verification is done via official portals or apps.

Q: What if I accidentally shared OTP or allowed remote control?
A: Disconnect your phone from the internet immediately, uninstall the remote-access app, and contact your bank to freeze accounts or block payments. Then report to cybercrime authorities and 1930 helpline.

Q: How can I verify if a call about FASTag or bank issue is genuine?
A: Hang up and call official customer care numbers listed on bank or NHAI websites. Never trust caller-provided numbers or links.

Stay vigilant about calls or messages requesting remote access or urgent FASTag verification. Scammers exploit trust in digital payments to steal money quickly.

Check suspicious messages or calls at BharatSecure.app, and report fraud immediately to the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.