New Delhi, January 3: A Delhi resident has lost over ₹4 lakh in a sophisticated cyber fraud after clicking on a fraudulent traffic challan link sent via WhatsApp. The scam, which impersonated the government’s transport department, allowed fraudsters to gain remote access to the victim's device and drain his credit cards through unauthorized digital transactions.

The Hook: A Routine Fine Notice

The victim, identified in police records as Harit, received a message from an unknown number posing as "NextGen mParivahan." The message claimed he had a pending traffic violation fine of ₹1,000 and included a link to "process" the payment. Believing the notice to be legitimate and associated with the Ministry of Road Transport and Highways, the victim clicked the link, which prompted the download of a mobile application. While the app failed to show any traffic violation details after installation, it effectively served as a gateway for hackers to infiltrate his phone. Digital Arrest Scam in Mumbai: 75-Year-Old Retired BMC Official Duped of INR 16.5 Lakh by Fake ATS, NIA Officers Over ‘Delhi Bomb Blast Probe’.

Anatomy of the Breach

Shortly after installing the app, the victim noticed suspicious activity on his Amazon account. Within minutes, he received an email notification stating his e-wallet password had been changed. The fraudsters then managed to alter his registered email ID, locking him out of his own account. Using saved credit card information, the scammers executed five high-value transactions totaling approximately ₹4,05,000. The funds were used to purchase e-gift cards, which were instantly delivered to the fraudsters' email addresses, making the money nearly impossible to track once redeemed. How a KYC Update Turned Into Fraud: Delhi Police Arrest 4 for WhatsApp-Based Scam Involving Malicious APK File Downloads.

How the Scam Operates

Cybersecurity experts have mapped out the specific stages of this attack to help the public identify red flags before it is too late:

  • Step 1: The Phishing Message – You receive a WhatsApp or SMS message claiming you have a pending traffic fine. It often uses official-looking logos and terms like "NextGen mParivahan."

  • Step 2: The Malicious Link – The message directs you to click a link to pay the fine. This link does not lead to a government website but instead triggers the download of a malicious APK (Android Package) file.

  • Step 3: Device Compromise – Once the app is installed, it requests "Accessibility" or "Notification" permissions. This allows the scammers to view your screen, intercept OTPs (One-Time Passwords), and read your messages remotely.

  • Step 4: Financial Theft – The fraudsters access your banking apps or e-commerce accounts. Since they can see your OTPs in real-time, they can bypass two-factor authentication to transfer money or purchase gift cards.

How to Stay Safe

To protect yourself from falling victim to such sophisticated digital traps, experts recommend the following safety measures:

  • Verify the URL: Official government websites always end in .gov.in or .nic.in. If a link leads to a different domain or prompts an automatic download, close it immediately.

  • Check Official Portals Directly: If you receive a fine notice, do not click the link provided. Instead, manually visit the official Digital Traffic/Transport Challan portal (parivahan.gov.in) and enter your vehicle number to verify the claim.

  • Avoid Third-Party Apps: Never install apps via links sent on WhatsApp or SMS. Only download official apps, such as the genuine mParivahan app, from the Google Play Store or Apple App Store.

  • Limit App Permissions: Be wary of any app that asks for permission to read your SMS or access "Accessibility Services," as these are often used by malware to steal OTPs.

  • Secure Your Accounts: Avoid saving credit or debit card details on shopping websites. Enable biometric locks for your banking and payment apps.

A Growing Pattern of ‘Challan Scams’

This incident is part of a rising trend of "Challan Scams" across the Delhi-NCR region. Just last month, an elderly resident in East Delhi was defrauded of ₹2.5 lakh under similar circumstances after trying to pay a fake ₹500 fine. Authorities noted that scammers are moving beyond simple SMS messages, now using WhatsApp and even PDF documents to appear more formal. These messages often lack specific details such as vehicle numbers, offense locations, or notice numbers—details that are always present in genuine government communications.

Police Warning and Safety Measures

The Delhi Police have registered a case under Section 318(4) (cheating) of the Bharatiya Nyaya Sanhita (BNS). Cyber experts are urging citizens to be extremely cautious of unsolicited messages regarding legal penalties. If a fraud is detected, victims should immediately report it to the National Cyber Crime Helpline at 1930 or via the official portal at cybercrime.gov.in. Reporting within the "golden hour"—the first 60 minutes after the fraud—is critical to increasing the chances of freezing the stolen funds before they are moved out of the banking system.

TruLY Score by LatestLY
Rating:3

TruLY Score 3 – Believable; Needs Further Research | On a Trust Scale of 0-5 this article has scored 3 on LatestLY, this article appears believable but may need additional verification. It is based on reporting from news websites or verified journalists (News 18), but lacks supporting official confirmation. Readers are advised to treat the information as credible but continue to follow up for updates or confirmations

(The above story first appeared on LatestLY on Feb 03, 2026 04:32 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).