An advanced scam that targets WhatsApp users in India has been revisited, this time under the well known name of an RTO challan on traffic violations.
Fraudsters send a message, saying that your vehicle was fined, and in the message, there is a link or APK file to see the challan.
However, when you tap or even install the file, you might be giving hackers complete access to your phone, putting your bank and money, contacts, and personal life in great danger.
The working of the scheme is, in simple terms, as follows:
- The message in WhatsApp is sent as though it is a message by your state transport authority or the mParivahan portal. It goes to the extent of displaying your car number with the appearance of being real.
- The message will request that you download an APK file or tap on the link that will say something like “Open RTO e-challan here” or “Pay traffic fine immediately.”
- By downloading the file and installing it, the malware may demand too much access to the phone, including SMS reading and call hijacking, and make it your default message app.
- Using these authorizations, hackers will be able to steal your OTPs, empty your bank account, access your WhatsApp account, steal your contacts, and send the crisis to your friends.
- Other victims do not suspect anything until they detect some transactions without authorization or are locked out of WhatsApp and cannot log in.
Why You Should Care, and How to Stay Safe
It is not only about a bogus fine but also hackers who get their hands on your phone and steal.
The thoughts might be, “I will simply uninstall fast,” and by this time some damage can be caused. Reports on cybercrime show that victims have lost thousands even lakhs of rupees after installing these counterfeit applications or APKs.
The following are some of the main considerations and actions you can take:
- Formal communication does not communicate such messages through WhatsApp. Veritable chromans, or messages, arrive using the official government SMS or authorized applications or trusted portals by economic definition, not as unsolicited links requesting the installation of that APK.
- A file should not be installed from a link or by an unknown sender. When a person forwards to you RTO Challan.apk, you are supposed to reject it. Never make any application your default SMS or message manager unless you downloaded it by hand from some reputable store.
- Validate your vehicle number and portal individually. In case you are informed that there is a fine, then just visit the official traffic portal or application with your vehicle number. Please do not use the link in the message.
- Check permissions and also enable two-factor authentication (2FA). Check what your apps can do on your phone, and particularly new apps. When it has SMS reader and overlay permission or is set as default, then that is a red flag.
- In case of hacking into your account, alert your people. Attackers will usually target your contacts once you have been gained as a remote access point, so alert them that you are a victim. Immediately contact your bank in case you feel there is some unusual activity.
- Hold your phone applications and operating systems current. Security vulnerabilities that are associated with malware are usually patched regularly. Moreover, consider applying good antivirus or malware-scanner programs in case you feel that something is going haywire.
Summing up, the WhatsApp RTO fraud is an extreme menace that integrates social engineering and malfunction to compromise users at large rates and within a short time.
This would enable one to lose their phone privacy, banking information, and personal information just by clicking or installing it.
Being vigilant, being thematic of unanticipated messages, not downloading something without confirmatory knowledge, and using official media to confirm things will go far in defending yourself.
Keep in mind, traffic fines are not downloadable as WhatsApp buttons can be, and your faith must not be either.
