A senior Indian Army officer stationed in Pune has become the latest victim of a sophisticated online scam, losing a staggering sum of over Rs 3.8 lakh to cyber criminals. The fraud was executed through a deceptive message about a pending traffic challan.
The Deceptive Message and Immediate Loss
The colonel, who is in his late 40s and works with a defence establishment in Pune, received a text message late on Monday night, December 16. He opened the message the following morning. The link inside redirected him to a page claiming he had a pending payment of Rs 590 for a traffic violation concerning his vehicle.
Believing it to be legitimate, the officer proceeded to fill out an online form with his financial details. He then clicked to generate a One-Time Password (OTP). Within moments, he was shocked to see an unauthorised transaction of 32,939 Hong Kong Dollars (approximately Rs 3.81 lakh) deducted from his credit card. The payment was made to a hotel located in Hong Kong.
Police Action and Official FIR
The officer immediately approached the authorities. An FIR was formally registered at the Chatushrungi police station on Wednesday, December 18. The case has been taken up for investigation, highlighting the growing threat of such digitally-enabled crimes even to vigilant individuals.
Modus Operandi: A Common Cyber Fraud Tactic
Investigating officers have pointed out that this fake traffic challan fraud follows an identical pattern to scams involving counterfeit gas or electricity bills. The cycle typically begins with cyber criminals dispatching SMS, emails, or WhatsApp messages that are carefully crafted to appear as official communication from government bodies, traffic police, or utility providers.
These messages create a sense of urgency by stating that a bill or challan payment is overdue and include a link for verification or payment. Upon clicking, victims are taken to a fraudulent website that mimics a genuine government portal. Here, they are prompted to enter sensitive information.
The critical data scammers seek includes:
- Personal identification details
- Credit or debit card information
- One-Time Passwords (OTPs)
Once this information is submitted, fraudsters swiftly use it to conduct unauthorised transactions, drain bank accounts, or misuse credit cards, as happened in the colonel's case.
A More Dangerous Variant: Remote Device Access
In an even more invasive version of this scam, simply clicking on the malicious link can install spyware or remote-access software on the victim's phone or computer. This grants criminals unauthorised control over the device, allowing them to monitor activity, capture passwords and OTPs directly, and access mobile banking or payment apps. They can then initiate fund transfers without the victim's immediate knowledge.
Police have issued a strong appeal to the public, urging extreme caution while making any online payments or responding to messages about pending dues. Citizens are advised to directly visit the official websites of concerned departments through known URLs instead of clicking on links provided in unsolicited messages.
