
A Supreme Court judge recently discovered the hard way that phishing scams impersonating government authorities are sophisticated enough to fool anyone. Justice Satish Chandra Sharma received an SMS claiming his vehicle had been recorded speeding and was told to pay a fine immediately.

When he clicked the link, he landed on a website that looked exactly like the official traffic enforcement portal. Only his vigilance prevented financial loss. If a sitting judge of India's highest court can be targeted, millions of ordinary vehicle owners are equally vulnerable.
The scam is spreading rapidly across metro cities and smaller towns alike. Mumbai-based comedian Shridhar V recently warned his social media followers about an experience that nearly cost him his card details. He received an SMS from a regular 10-digit mobile number claiming he had a pending challan for speeding.
The message included a link directing him to what appeared to be the government's Parivahan portal. At first glance, everything looked legitimate: the Ashoka emblem, official branding, and a message stating "Urgent Payment Required! You have an outstanding traffic fine of ₹500. Pay immediately."
The red flag appeared only when he examined the URL closely. The website's address read "echallan.pasvahan.icu" instead of the authentic government domain "echallan.parivahan.gov.in". The scammers had simply replaced the letter "r" with an "s" in "Parivahan," a subtle difference that most users would miss. The original SMS also used a shortened link (cutt.ly), which further obscured the destination URL and made the fraud harder to spot.
Shridhar's post struck a chord online. Within hours, hundreds of users replied saying they had received identical SMS alerts repeatedly, some as frequently as once a month. A Supreme Court judge's near-miss experience had confirmed what ordinary citizens already knew: the scam is both widespread and convincing.

Scammers send messages via SMS or WhatsApp claiming the recipient has violated a traffic rule and must pay a fine to avoid license suspension or legal consequences. The message includes the recipient's vehicle number, making it appear as though the system has matched the vehicle to a specific violation.
Clicking the link takes the victim to a cloned government website that mirrors the official Parivahan portal's branding and layout. The fake site then prompts the victim to enter personal and financial details to clear the alleged challan.
The dynamic insertion of details is where the scam becomes particularly credible. When a user inputs any details on the fake portal, such as a challan number, vehicle number, or driving licence number, the system automatically displays those inputs alongside a fabricated challan record on the next screen. This creates the illusion that the portal is genuinely retrieving official records from government databases, when in reality it is simply echoing back whatever the user entered.
Once the victim clicks "Pay Now," they are directed to a payment page that requests full card details, expiry dates, and CVV numbers. Scammers deliberately restrict payments to credit and debit cards rather than accepting UPI or net banking, making the fraud harder to trace. Some variants go further, deploying malicious APK files disguised as official Parivahan apps, which, once installed, can remotely access the victim's phone and drain their bank accounts.
The financial losses have been catastrophic for those who fell prey. A businessman in Vadodara lost Rs 34.75 lakh after installing a malicious RTO e-challan app from WhatsApp. A Nashik resident lost Rs 6 lakh when a malicious APK granted remote access to his banking information. In Coimbatore, a victim lost Rs 2.96 lakh. A Rajkot shop owner lost Rs 10.81 lakh. These are not isolated incidents; they reflect a coordinated, profitable criminal operation.
Cybersecurity researchers have identified multiple attacker-controlled servers hosting rotating, automatically generated phishing domains. Analysis shows that the same infrastructure supporting e-challan scams also hosts phishing pages impersonating banks like HSBC and logistics companies like DTDC and Delhivery. This suggests a professionalized phishing ecosystem that uses government fraud as one vertical among many.
Adding to the credibility problem, scammers often use real vehicle registration numbers, sometimes obtained through leaked databases or publicly available information online. They pair these with threatening language such as "Pay in 2 hours or license suspended" or "Court summons imminent," designed to trigger panic and bypass careful thinking.
The Ministry of Road Transport and Highways has explicitly advised citizens to independently verify challan details only through official government portals ending in ".gov.in," avoid clicking links from unsolicited messages, and never share banking or card details on unverified websites. Official government agencies do not send payment links via SMS or WhatsApp. Instead, they use dedicated sender IDs and direct recipients to official portals where they can log in with credentials and verify their information independently.
The official process is straightforward. Vehicle owners can visit parivahan.gov.in, search for their challan using their registration number or driving licence number, and view actual fines issued. The official site also requires verification through registered mobile numbers or Aadhaar before displaying payment options. Any website that displays a challan without asking for verification details is fraudulent.
Warning signs are present but often ignored. Spelling mistakes, odd spacing, inconsistent fonts, unverified domains, shortened URLs, and threats designed to create urgency are all common red flags. Grammar errors in messages claiming to be from official authorities should immediately raise suspicion. Government communications rarely contain such mistakes.
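The URL red flags described above (the "pasvahan" lookalike, the ".gov.in" rule and the shortened link) can be checked mechanically before anyone taps a link. The following is an added example, not code from the article or from any government service; the typo-distance threshold, the shortener hosts other than cutt.ly, and the sample SMS text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "parivahan.gov.in"   # official domain named in the article
BRAND = "parivahan"
# cutt.ly appears in the article; the other hosts are assumed additions.
SHORTENERS = {"cutt.ly", "bit.ly", "tinyurl.com"}
MAX_TYPO_DISTANCE = 2           # assumed threshold for "looks like the brand"

def edit_distance(a, b):
    """Levenshtein distance using one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'shortened', 'lookalike' or 'unverified' for one URL."""
    if "://" not in url:
        url = "http://" + url
    # hostname drops any user@ prefix and port, so only the real host is judged
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    if host in SHORTENERS:
        return "shortened"      # destination hidden; cannot be verified from the SMS
    for label in host.split("."):
        if edit_distance(label, BRAND) <= MAX_TYPO_DISTANCE:
            return "lookalike"  # brand or near-miss of it outside the official domain
    return "unverified"

def triage_sms(text):
    """Classify every link found in an SMS body."""
    urls = re.findall(r"https?://[^\s\"'<>]+", text)
    return {u.rstrip(".,!)"): classify(u.rstrip(".,!)")) for u in urls}

# Constructed sample message; the domain is the one quoted in the article.
SAMPLE_SMS = ("Urgent Payment Required! You have an outstanding traffic fine "
              "of Rs 500. Pay immediately: http://echallan.pasvahan.icu/pay.")

if __name__ == "__main__":
    for url, verdict in triage_sms(SAMPLE_SMS).items():
        print(f"{verdict:10} {url}")
```

An "official" verdict only means the hostname sits under parivahan.gov.in; anything else, including a shortened link, should be treated as unverified and the portal reached by typing its address directly.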
Apps are particularly dangerous. The official Parivahan and e-Challan services are available through the Play Store and App Store under verified government publishers. Never download apps from links sent via WhatsApp or SMS, regardless of how official they appear. Such applications can access contacts, SMS messages, banking apps, and financial data once installed.
To verify a genuine challan, vehicle owners should independently navigate to parivahan.gov.in in their browser without clicking any links. They should search for their vehicle using the official search interface and verify that any fine has been issued by a genuine traffic authority. If unsure, they can contact their local traffic police or RTO using official phone numbers listed on government websites.
Citizens who receive suspicious challan messages should report them to the national cybercrime portal (cybercrime.gov.in), block the sender number on WhatsApp, and avoid engaging with the link. Police in major cities including Delhi, Mumbai, Bengaluru, Chennai, and Hyderabad have registered cases against e-challan scammers, though prosecution has been slow.
The persistence of this scam suggests that despite numerous warnings, millions of Indians remain unaware of the threat or unable to distinguish between legitimate government communications and sophisticated forgeries. The fact that a Supreme Court judge nearly fell victim should serve as a sobering reminder: alertness is the only defence against fraud this well executed.