Remote-Access App FASTag Verification Fraud

How Remote-Access App FASTag Verification Fraud Works

Overview: This scam involves fraudsters tricking victims into installing remote-access apps under the pretense of "helping" with FASTag verification or KYC updates. Scammers pose as support staff from Paytm, banks, or NHAI and manipulate users into installing screen-sharing or device-control apps, which allow full control over the victim's device—resulting in money theft from linked bank accounts. How It Works: The victim receives an unsolicited call from someone claiming to be technical support or customer service. The caller asserts a FASTag issue (e.g., payment failed, KYC expired, account blocked) and offers to fix it immediately. They instruct the victim to download a remote-access app such as AnyDesk, QuickSupport, or a lookalike. Once the app is installed and the access code shared, the fraudster can see and control the entire phone screen, intercept OTPs, manipulate bank apps, and authorize fraudulent UPI or card transactions. Sometimes, the scam may use step-by-step guidance, reassuring the victim throughout to avoid suspicion. India Angle: This pattern is highly tailored to Indian habits, with scammers often using Hindi, English, or regional languages. Most cases are reported in Maharashtra, Delhi NCR, and Karnataka, and among less tech-savvy users, such as senior citizens, homemakers, or small business owners. Real Examples: - "Ma'am, your FASTag verification failed—download AnyDesk now and share the 9-digit code for remote help." - "Sir, your account is blocked. Just install the app and I'll update your KYC from here." Red Flags: - Requests to install unfamiliar or remote-control apps - Caller insists on receiving access code or watching as you input login details - Unsolicited promises of quick technical fixes - Caller refuses to provide official ID or call-back verification Protective Measures: - Never install or grant screen-sharing access to anyone calling you - Genuine support from Paytm or banks will not ask for remote device control - Hang up if you’re asked to download apps for service support - Reinstall your phone OS if you’ve given such access to remove malicious apps If Victimised: - Contact your bank, freeze accounts, and inform your FASTag issuer - Change all banking and app passwords after resetting your phone - File a cybercrime complaint at 1930 and cybercrime.gov.in immediately Related Scams: - Remote technical support call scams targeting digital wallet KYC - Fraudulent “bank app update” calls asking for remote access

How This Scam Works — Detailed Explanation

Scammers often use various platforms to identify and approach victims, predominantly targeting users of popular digital payment solutions like UPI and individuals who have recently interacted with FASTag services. They might browse social media platforms, forums, or even WhatsApp groups for users discussing issues or queries related to FASTag, UPI transactions, or banking services. Once a potential victim is identified, they initiate unsolicited phone calls posing as support agents from recognized entities such as Paytm, major banks, or the National Highways Authority of India (NHAI). The intent is to create a sense of urgency surrounding FASTag verification or KYC updates, prompting people to comply without verifying the legitimacy of the caller.

To manipulate their victims, fraudsters employ various psychological tactics. They often use the pretext of 'urgent assistance' to persuade individuals that their FASTag needs immediate attention for compliance or operational reasons. This tactic works especially well considering the increasing use of electronic toll collection across India. Once they have hooked a victim, they may reference vague policies about KYC or FASTag regulations, playing on the fear of penalties or service interruptions. By establishing a false sense of security and urgency, they effectively encourage victims to install remote access apps, convinced they are engaging with a legitimate support service rather than skilled con artists.

Once a victim is trapped in the scam, the almost inevitable sequence of events begins. The victim is guided to download remote-access applications like AnyDesk or TeamViewer, explaining that these tools are necessary for technical support. After installation, the scammers request device access codes or even the ability to view and control the victim’s screen. Since many significant transactions in India are made using UPI, linked to Aadhaar or bank apps, the scammers then maneuver to access the victim's banking information. Soon, the unsuspecting individual finds that funds are being siphoned from their accounts—often without them realizing it until it's too late. For example, in a case reported in Uttar Pradesh, a victim lost ₹3.5 lakhs within minutes after unknowingly granting access.

The impact of this scam in India is profound. Recent reports indicate that individuals lost over ₹200 crore in such scams just last year. The Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) have issued advisories warning citizens about these frauds. CERT-In, the government's Computer Emergency Response Team, has also been active in disseminating guidelines to raise awareness. With an increasing reliance on digital transactions via UPI and similar services, the vulnerability of users makes such scams particularly lucrative for criminals, leading to widespread financial losses that can be devastating for families.

To differentiate this scam from legitimate communications, it is crucial to remember a few key signs. Genuine representatives never ask for sensitive information like OTPs, nor do they request to install remote-access applications. Always check for official contact numbers or email addresses. Authentic customer service personnel will typically direct you to official channels for security verifications, rather than asking for immediate access to your device. If the communication feels rushed or pressured, it’s a clear red flag—always take time to verify claims with official sources before responding.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Remote-Access App FASTag Verification Fraud Target?

General public across India

Red Flags — How to Identify Remote-Access App FASTag Verification Fraud

• Asked to download remote-access or screen-sharing apps
• Callers demand device access codes or input monitoring
• Unsolicited help for FASTag or banking issues
• No official verification provided by the caller

What To Do If You Encounter Remote-Access App FASTag Verification Fraud

1. Report the incident immediately to Cybercrime helpline 1930 or visit cybercrime.gov.in for guidance.
2. Disconnect from the call and do not share any further information.
3. Inform your bank about the unauthorized access, using helplines such as SBI 1800-11-1109 or HDFC 1800-202-6161.
4. Change passwords for your bank accounts and any other sensitive applications linked to your phone.
5. Scan your device for malware or any unknown applications that were installed.
6. Educate friends and family about this scam to prevent them from falling victim.

How to Report Remote-Access App FASTag Verification Fraud in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?

Immediately inform your bank using their helpline and request to block your account. Consider filing a police report as well.

How can I identify the Remote-Access App FASTag Verification Fraud?

Recognize it by phone calls requesting remote access apps or sensitive information under the guise of FASTag support.

How do I report this type of scam in India?

You can report scams through cybercrime.gov.in or call the helpline 1930, and also notify your bank of the incident.

What steps can I take to secure my accounts after this scam?

Change all passwords associated with impacted accounts, enable two-factor authentication, and monitor your account statements for suspicious activities.

Related Scams in India

• 'PrintSteal' Operation - Fake KYC Document Generation
• AI Deepfake Executive Authorization Scam
• AI Voice Clone Urgent Money Transfer Scam (General)
• AI Voice Cloning Emergency Scam (Familiar Person)
• AI Voice Cloning Scams

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.