Phishing
mins read

FASTag Phishing Campaigns Flourish on Social Media

FASTag Phishing Campaigns Flourish on Social Media

February 4, 2020
Green Alert
Last Update posted on
February 3, 2024
Protect Your Brand Reputation from fake social media pages

CloudSEK XVigil's Fake Social Media Handles module helps you combat fake identities and protect your brand reputation, ensuring a secure digital presence

Schedule a Demo
Table of Contents
Author(s)
No items found.

FASTag Phishing Campaigns Flourish on Social MediaWith FASTag, toll collection is the latest of our everyday services that has gone digital. And, as is their wont, cyber criminals have already figured out ways to exploit it. FASTag, which is an Electronic Toll Collection (ETC) instrument, is mandated by the Government of India, for all vehicles passing through toll booths across the country. Considering the growing adoption, combined with users’ limited experience, it is not surprising that scammers are launching phishing campaigns by employing novice social engineering approaches.

In this article, we explore the different types of phishing campaigns and the channels that facilitate them. 

FASTag Phishing Campaigns

Though FASTag is a straightforward service, there are several avenues, ranging from distribution to after-sales support, through which scammer can exploit it. 

Scammers are defrauding people in the following ways:

  • Selling fake FASTags 
  • Recruiting other scammers
  • Selling FASTag distributor rights
  • Operating fake helpline numbers
  • Providing unblocking services for blacklisted FASTags

Scammers are delivering these campaigns via: 

  • Social media
  • Email
  • Online marketplaces
  • Chat platforms
  • Deep web sites
  • Surface web sites

We will investigate each of these scamming methods and the channels used to facilitate them. While FASTag scammers are present across the internet, they are especially active on social media because of how easy it is to create accounts and conceal their identities. 

Selling Fake FASTags

Social media 

There are social media profiles, personally promoting the “FASTag” project implementation (especially in local languages), even though they are not officially authorized or connected to the project. 

Facebook post advertising FASTag
Facebook post advertising FASTag

Some accounts are also offering services on behalf of authorized FASTag banking partners, by advertising the bank’s name along with their personal contact numbers. Since we cannot verify if such individuals are authorized to act on behalf of these financial institutions, it is best to avoid responding to their posts, to avail their services.

Post on a closed Facebook group advertising by including NPCI and HDFC
Post on a closed Facebook group advertising by including NPCI and HDFC

There are also social media posts that are promising free FASTags and FASTag services, even though the actual price is INR 500. However, they appear trustworthy to the general public because some of these campaigns include genuine images.

Post offering free FASTags
Posts offering free FASTags

Email 

Since FASTag became mandatory on 1st December 2019, we have observed phishing emails, delivered from various networks, to personal email IDs. Many of these campaigns use the classical approach of furnishing lookalike “from” names. In this case, ‘FASTag’, in some form, appears in the name of the sender. The domain name of the email is only visible when we purposely expand the ‘from’ address. This allows scammers to mislead receivers of the emails, since we don’t generally inspect the sender’s complete email address.  

"<yoastmark

As seen above, the sender’s name is ‘Axis FASTag’ and only on closer inspection, we notice that the email id is: [email protected] and the domain name is:  indiafamous.info. And, the website’s location is listed as Bihar. It is safe to assume that the below email is a phishing attempt. (We have noticed that previous phishing campaigns targeting NPCI, were also mapped to the same location).

"<yoastmark

Online marketplaces

Given the size of the targeted audience, scammers will not spare any platform through which they can prey on the public. 

Here is a case of an OLX listing that is advertising Axis Bank’s FASTag service.

FASTag advertisement on OLX
FASTag advertisement on OLX

Further investigation threw up listings like the ones below, in which the prices have been inflated. By inflating and then reducing the price of the tags, scammers are trying to make their proposition more attractive. This is a major red flag that is indicative of a phishing campaign. 

FASTag advertisements with inflated prices
FASTag advertisements with inflated prices

We also observed that some of the vendors are offering free GPS along with the tags. And the tags themselves are listed at prices lower than the actual cost of INR 500. But, it is not clear from the listing, if a standalone GPS comes free with the purchase of a FASTag.  

"<yoastmark

As seen from the below post, in which a vendor ‘Vivek Shukla’ from UP, has listed FASTag as “Fastage” along with a GPS app. The app is not officially associated with FASTag.

FASTag sold with an unofficial GPS app
FASTag sold with an unofficial GPS app

Deep web campaigns

We have spotted a series of phishing campaigns on various blogs and deep web sites. These advertisements offer FASTag services by using the names of popular banks such as Axis Bank, HDFC Bank, etc.

Chat platforms:

These campaigns are being widely spread through chat platforms such as Sharechat as well.

FASTag advertisements on Sharechat
FASTag advertisements on Sharechat

On clicking the link,  the page is redirected to an ad-hosted campaign which is not connected with Axis Bank FASTag services. And visiting these malicious links makes the visitor’s device vulnerable to malicious software, such as adware or other PUPs (Potentially Unwanted Programs). This, in turn, creates a backdoor to all vital information on the device and helps scammers fund other malicious campaigns they run.

Malicious links that make visitors vulnerable
Malicious links that make visitors vulnerable

Moreover, on analysing the details of the page through Virus Total, it was found to be listed as spam. 

VirusTotal results indicating that the advertisement is a spam
VirusTotal results indicating that the advertisement is a spam

Ad campaigns on other sites

We spotted ad campaigns on other unrelated websites such as a music download service. Through which unwary users can be clickjacked to phishing sites.

FASTag ad campaign on a music download service
FASTag ad campaign on a music download service

 

Surface web sites 

The official way to buy FASTags is via NPCI , authorized banking partners such as ICICI or HDFC, wallet partners such as UPI Airtel Payments, or authorized vendors. Yet there are similar-looking domains, registered to individuals, that may be is masquerading as official vendors of FASTag.

Some of the Similar-sounding domains:

Similar-sounding domains  Registrant Details
Fastagindia.com  

  • Street: Door No. 583, Flat no G-100
  • City: Bengaluru
  • State/Province: Karnataka
  • Postal Code: 560077
  • Country: India
  • Phone: +91 9884718277
  • Email: [email protected]
  • Admin Name: Ayush Enterprises
 

  Fastagindia.org

  

  • Registry ID: CR383877867
  • Name: Satheesh Kumar RST
  • Organization: GOLDEN COMMUNICATION
  • Street: 306, Thangam Complex, T.H. Road,
  • Street: New Washermenpet
  • City: Chennai
  • State/Province: Tamil Nadu
  • Postal Code: 600081
  • Country: IN
  • Phone: +91 8608330505
  • Email: [email protected]
 fas-tag.com   

  • Name: DARSHANKUMAR BHANUSHALI
  • Street: Gujarat
  • Street: Vapi
  • City: Vapi
  • State/Province: Gujarat
  • Postal Code: 396191
  • Country: IN
  • Phone: +91 9016626456
  • Email: [email protected]
 

http://fastag.app/ and http://fastag.in 

  

  • Registry ID: CR397133995
  • Name: sankarsh reddy
  • Organization: SANKARSH REDDY
  • Street: PLOT#142, ROAD#72, JUBILEE HILLS
  • City: HYDERABAD
  • State/Province: Telangana
  • Postal Code: 500033
  • Country: IN
  • Phone: +91.4023551902
  • Email: [email protected]
 fastag.co.in  

  • Registry ID: CR358608589
  • Name: Gaganjot Singh
  • Street: Ludhiana
  • City: Ludhiana
  • State/Province: Punjab
  • Postal Code: 141008
  • Country: IN
  • Phone: +91.9876700544
  • Email: [email protected]
  • Admin ID: CR358608596
  • Admin Name: Gaganjot Singh

Though the above-mentioned sites are not functional at the moment, there is a chance that they may become available at any time, to host phishing campaigns, by assuming an air of legitimacy. 

These are only a few examples of domains that use some version of “fastag” in their name. There are many more, yet to be listed or found. Some of these domain names, which have not been bought yet, are available at cheap prices.

Lookalike sites available at low prices
Lookalike sites available at low prices

Recruiting other scammers

While scammers directly exploit new FASTag users, they also attempt to recruit other people to carry out such campaigns. Here are examples of such posts, from a private Facebook group, in which a scammer has advertised FASTag as an opportunity to make money. 

Social media posts advertising FASTag as an opportunity to make money
Social media posts advertising FASTag as an opportunity to make money

Selling FASTag distributor rights

Authorized sales and service providers/vendors employ agents to sell and top-up FASTags. However, we have observed the presence of unauthorized people, on closed Facebook groups, who are selling free agent IDs. Which is why, FASTags procured from 3rd party agents, may or may not be genuine.

Here are some examples of Facebook posts offering free Agents IDs. 

Post exhorting people to become FASTag distributors
Post exhorting people to become FASTag distributors

 

Post exhorting people to sell FASTag
Post exhorting people to sell FASTag

Operating fake FASTag helpline numbers

There are posts on social networking sites that are advertising phone numbers and email ids that are not the official FASTag support contacts. They offer to set up FASTags or provide other related support. Calling such numbers is a sure-fire way to get defrauded.  

Fake number that includes Paytm to add legitimacy
Fake number that includes Paytm to add legitimacy

We also found several unofficial social media accounts listing email ids that mimic the official email contact and vendor names. For example: [email protected] contains “FASTag” and “HDFC”. Thus, setting up a honeypot, for unsuspecting people looking for genuine support. 

Posts spreading fake emails and phone numbers
Posts spreading fake emails and phone numbers

 

Example of someone who has reached out to the fake email id for genuine support
Example of someone who has reached out to the fake email id for genuine support

Email ID: [email protected], [email protected]

Phone Number: 9823017946

Another phishing email id was mentioned as a point of contact on a flagged website. The website promotes this email id for any issues related to FASTag.

Email ID: [email protected]

Flagged website hosting phishing email id
Flagged website hosting phishing email id

As observed from the above post, threat actors are advertising FASTag at a discounted price of INR 300, even though the original price of INR 500. Subsequently, people tempted by such offers, call these numbers, and become easy victims.

Aveon, advertised as a service provider, has no website
Aveon, advertised as a service provider, has no website

A well-crafted poster appeals to the general public as advertisements for reliable/ legitimate services. Upon investigation, we found that the service provider ‘Aveon’ does not have an official website.

Providing unblocking services for blacklisted FASTags

As with any new service, FASTag has a few ongoing issues. Some tags appear as ‘blacklisted,’ while passing through the toll gate, even though there is sufficient balance in the owner’s wallet. Consequently, scammers are exploiting this loophole in the system, by launching a campaign that offers unblocking of “blacklisted” tags. 

"<yoastmark

Facebook post offering unblocking service
Facebook post offering unblocking service

How do we avoid becoming victims?

In conclusion, these examples are just a tip of the iceberg, in the zeitgeist of ongoing scams. But they clearly show that if we, as end users of FASTag, are not vigilant, we can become easy victims of these malicious campaigns.  

End user precautions:

  • Don’t rely on individual vendors. Instead, buy FASTags from NTEC or from other official banks.
  • Don’t reveal OTPs received on your phone to anyone via call, or in person.
  • Never fill forms found on blogs or websites with look-alike domains that include the keyword “fastag”. 
  • Never click on hyperlinks provided in phishing emails, especially with subject lines such as “Free FASTag” etc. 
  • Avoid calling random toll free numbers, especially those flashed on third party websites/blogs. And, reach out to NTEC or Official Bank Helplines, for support.
  • Above all, don’t post or tweet any of your personal/transaction details (if you have not received your FASTag after applying for it). As this would help fraudsters customize their approach based on your specific problem. 

 

Author

Predict Cyber threats against your organization

Schedule a Demo
Related Posts
Blog Image
Scam
October 29, 2024

Heightened risk of online scams and phishing attacks amidst 2024 Diwali celebration

Amidst the 2024 Diwali celebrations, CloudSEK's Threat Research team has identified a surge in online scams and phishing attacks targeting Indian consumers. Scammers are leveraging the festive season’s online shopping boom to create fake e-commerce sites, job offers, and firecracker sales scams, impersonating well-known brands to deceive users. Victims are often lured with deep discounts and fake promotions, resulting in financial losses, identity theft, and privacy breaches. The report emphasizes vigilance and provides recommendations to avoid direct bank transfers, verify website authenticity, and share safety tips with loved ones to prevent further scams.

Blog Image
Deep Fake Monitoing
Scam
Threat Intelligence
October 4, 2024

Deepfake Controversy: Scammers Use Deepfakes of Virat Kohli, Anant Ambani to Fraud

CloudSEK’s latest research uncovers a troubling trend involving scammers using deepfake technology to promote fraudulent mobile applications. High-profile individuals, such as Virat Kohli, Anant Ambani, and even international figures like Cristiano Ronaldo and Ryan Reynolds, have been targeted through deepfake videos. These manipulated clips showcase them endorsing a mobile gaming app, luring unsuspecting users into scams. The fraudulent ads leverage the credibility of renowned news channels to enhance their legitimacy, fooling users into downloading harmful applications from fake domains resembling Google Play or Apple App Store. This emerging threat is particularly aimed at the Indian market but extends to other regions like Nigeria, Pakistan, and Southeast Asia. The deceptive gaming apps, designed to siphon money from users, require a minimum deposit, promising quick earnings but leading to significant financial losses. These scams exploit deepfake videos in creative ways to bypass detection, making them even more dangerous. To combat this growing threat, CloudSEK’s Deep Fake Analyzer offers a free solution for the cybersecurity community, helping professionals detect and mitigate the risks posed by manipulated videos, images, and audio. This tool is crucial in safeguarding organizations from deepfake-related scams and fraud. To access the CloudSEK Deep Fake Analyzer, visit https://community.cloudsek.com/

Blog Image
Malware Intelligence
March 27, 2023

How Threat Actors are Exploiting ChatGPT's Popularity to Spread Malware via Compromised Facebook Accounts Putting Over 500,000 People at Risk

CloudSEK's investigation has revealed the presence of 13 Facebook pages/accounts (totaling over 500K followers) that have been compromised and are being used to disseminate the malware via Facebook ads.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

Secure your organisation with our Award winning Products

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

CloudSEK XVigil

Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.

Learn more about XVigil
CloudSEK SVigil

Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.

Learn more about SVigil
CloudSEK SVigil

Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.

Learn more about BeVigil Ent
CloudSEK BeVigil

Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.

Learn more about BeVigil
Phishing

min read

FASTag Phishing Campaigns Flourish on Social Media

FASTag Phishing Campaigns Flourish on Social Media

Authors
Co-Authors
No items found.

FASTag Phishing Campaigns Flourish on Social MediaWith FASTag, toll collection is the latest of our everyday services that has gone digital. And, as is their wont, cyber criminals have already figured out ways to exploit it. FASTag, which is an Electronic Toll Collection (ETC) instrument, is mandated by the Government of India, for all vehicles passing through toll booths across the country. Considering the growing adoption, combined with users’ limited experience, it is not surprising that scammers are launching phishing campaigns by employing novice social engineering approaches.

In this article, we explore the different types of phishing campaigns and the channels that facilitate them. 

FASTag Phishing Campaigns

Though FASTag is a straightforward service, there are several avenues, ranging from distribution to after-sales support, through which scammer can exploit it. 

Scammers are defrauding people in the following ways:

  • Selling fake FASTags 
  • Recruiting other scammers
  • Selling FASTag distributor rights
  • Operating fake helpline numbers
  • Providing unblocking services for blacklisted FASTags

Scammers are delivering these campaigns via: 

  • Social media
  • Email
  • Online marketplaces
  • Chat platforms
  • Deep web sites
  • Surface web sites

We will investigate each of these scamming methods and the channels used to facilitate them. While FASTag scammers are present across the internet, they are especially active on social media because of how easy it is to create accounts and conceal their identities. 

Selling Fake FASTags

Social media 

There are social media profiles, personally promoting the “FASTag” project implementation (especially in local languages), even though they are not officially authorized or connected to the project. 

Facebook post advertising FASTag
Facebook post advertising FASTag

Some accounts are also offering services on behalf of authorized FASTag banking partners, by advertising the bank’s name along with their personal contact numbers. Since we cannot verify if such individuals are authorized to act on behalf of these financial institutions, it is best to avoid responding to their posts, to avail their services.

Post on a closed Facebook group advertising by including NPCI and HDFC
Post on a closed Facebook group advertising by including NPCI and HDFC

There are also social media posts that are promising free FASTags and FASTag services, even though the actual price is INR 500. However, they appear trustworthy to the general public because some of these campaigns include genuine images.

Post offering free FASTags
Posts offering free FASTags

Email 

Since FASTag became mandatory on 1st December 2019, we have observed phishing emails, delivered from various networks, to personal email IDs. Many of these campaigns use the classical approach of furnishing lookalike “from” names. In this case, ‘FASTag’, in some form, appears in the name of the sender. The domain name of the email is only visible when we purposely expand the ‘from’ address. This allows scammers to mislead receivers of the emails, since we don’t generally inspect the sender’s complete email address.  

"<yoastmark

As seen above, the sender’s name is ‘Axis FASTag’ and only on closer inspection, we notice that the email id is: [email protected] and the domain name is:  indiafamous.info. And, the website’s location is listed as Bihar. It is safe to assume that the below email is a phishing attempt. (We have noticed that previous phishing campaigns targeting NPCI, were also mapped to the same location).

"<yoastmark

Online marketplaces

Given the size of the targeted audience, scammers will not spare any platform through which they can prey on the public. 

Here is a case of an OLX listing that is advertising Axis Bank’s FASTag service.

FASTag advertisement on OLX
FASTag advertisement on OLX

Further investigation threw up listings like the ones below, in which the prices have been inflated. By inflating and then reducing the price of the tags, scammers are trying to make their proposition more attractive. This is a major red flag that is indicative of a phishing campaign. 

FASTag advertisements with inflated prices
FASTag advertisements with inflated prices

We also observed that some of the vendors are offering free GPS along with the tags. And the tags themselves are listed at prices lower than the actual cost of INR 500. But, it is not clear from the listing, if a standalone GPS comes free with the purchase of a FASTag.  

"<yoastmark

As seen from the below post, in which a vendor ‘Vivek Shukla’ from UP, has listed FASTag as “Fastage” along with a GPS app. The app is not officially associated with FASTag.

FASTag sold with an unofficial GPS app
FASTag sold with an unofficial GPS app

Deep web campaigns

We have spotted a series of phishing campaigns on various blogs and deep web sites. These advertisements offer FASTag services by using the names of popular banks such as Axis Bank, HDFC Bank, etc.

Chat platforms:

These campaigns are being widely spread through chat platforms such as Sharechat as well.

FASTag advertisements on Sharechat
FASTag advertisements on Sharechat

On clicking the link,  the page is redirected to an ad-hosted campaign which is not connected with Axis Bank FASTag services. And visiting these malicious links makes the visitor’s device vulnerable to malicious software, such as adware or other PUPs (Potentially Unwanted Programs). This, in turn, creates a backdoor to all vital information on the device and helps scammers fund other malicious campaigns they run.

Malicious links that make visitors vulnerable
Malicious links that make visitors vulnerable

Moreover, on analysing the details of the page through Virus Total, it was found to be listed as spam. 

VirusTotal results indicating that the advertisement is a spam
VirusTotal results indicating that the advertisement is a spam

Ad campaigns on other sites

We spotted ad campaigns on other unrelated websites such as a music download service. Through which unwary users can be clickjacked to phishing sites.

FASTag ad campaign on a music download service
FASTag ad campaign on a music download service

 

Surface web sites 

The official way to buy FASTags is via NPCI , authorized banking partners such as ICICI or HDFC, wallet partners such as UPI Airtel Payments, or authorized vendors. Yet there are similar-looking domains, registered to individuals, that may be is masquerading as official vendors of FASTag.

Some of the Similar-sounding domains:

Similar-sounding domains  Registrant Details
Fastagindia.com  

  • Street: Door No. 583, Flat no G-100
  • City: Bengaluru
  • State/Province: Karnataka
  • Postal Code: 560077
  • Country: India
  • Phone: +91 9884718277
  • Email: [email protected]
  • Admin Name: Ayush Enterprises
 

  Fastagindia.org

  

  • Registry ID: CR383877867
  • Name: Satheesh Kumar RST
  • Organization: GOLDEN COMMUNICATION
  • Street: 306, Thangam Complex, T.H. Road,
  • Street: New Washermenpet
  • City: Chennai
  • State/Province: Tamil Nadu
  • Postal Code: 600081
  • Country: IN
  • Phone: +91 8608330505
  • Email: [email protected]
 fas-tag.com   

  • Name: DARSHANKUMAR BHANUSHALI
  • Street: Gujarat
  • Street: Vapi
  • City: Vapi
  • State/Province: Gujarat
  • Postal Code: 396191
  • Country: IN
  • Phone: +91 9016626456
  • Email: [email protected]
 

http://fastag.app/ and http://fastag.in 

  

  • Registry ID: CR397133995
  • Name: sankarsh reddy
  • Organization: SANKARSH REDDY
  • Street: PLOT#142, ROAD#72, JUBILEE HILLS
  • City: HYDERABAD
  • State/Province: Telangana
  • Postal Code: 500033
  • Country: IN
  • Phone: +91.4023551902
  • Email: [email protected]
 fastag.co.in  

  • Registry ID: CR358608589
  • Name: Gaganjot Singh
  • Street: Ludhiana
  • City: Ludhiana
  • State/Province: Punjab
  • Postal Code: 141008
  • Country: IN
  • Phone: +91.9876700544
  • Email: [email protected]
  • Admin ID: CR358608596
  • Admin Name: Gaganjot Singh

Though the above-mentioned sites are not functional at the moment, there is a chance that they may become available at any time, to host phishing campaigns, by assuming an air of legitimacy. 

These are only a few examples of domains that use some version of “fastag” in their name. There are many more, yet to be listed or found. Some of these domain names, which have not been bought yet, are available at cheap prices.

Lookalike sites available at low prices
Lookalike sites available at low prices

Recruiting other scammers

While scammers directly exploit new FASTag users, they also attempt to recruit other people to carry out such campaigns. Here are examples of such posts, from a private Facebook group, in which a scammer has advertised FASTag as an opportunity to make money. 

Social media posts advertising FASTag as an opportunity to make money
Social media posts advertising FASTag as an opportunity to make money

Selling FASTag distributor rights

Authorized sales and service providers/vendors employ agents to sell and top-up FASTags. However, we have observed the presence of unauthorized people, on closed Facebook groups, who are selling free agent IDs. Which is why, FASTags procured from 3rd party agents, may or may not be genuine.

Here are some examples of Facebook posts offering free Agents IDs. 

Post exhorting people to become FASTag distributors
Post exhorting people to become FASTag distributors

 

Post exhorting people to sell FASTag
Post exhorting people to sell FASTag

Operating fake FASTag helpline numbers

There are posts on social networking sites that are advertising phone numbers and email ids that are not the official FASTag support contacts. They offer to set up FASTags or provide other related support. Calling such numbers is a sure-fire way to get defrauded.  

Fake number that includes Paytm to add legitimacy
Fake number that includes Paytm to add legitimacy

We also found several unofficial social media accounts listing email ids that mimic the official email contact and vendor names. For example: [email protected] contains “FASTag” and “HDFC”. Thus, setting up a honeypot, for unsuspecting people looking for genuine support. 

Posts spreading fake emails and phone numbers
Posts spreading fake emails and phone numbers

 

Example of someone who has reached out to the fake email id for genuine support
Example of someone who has reached out to the fake email id for genuine support

Email ID: [email protected], [email protected]

Phone Number: 9823017946

Another phishing email id was mentioned as a point of contact on a flagged website. The website promotes this email id for any issues related to FASTag.

Email ID: [email protected]

Flagged website hosting phishing email id
Flagged website hosting phishing email id

As observed from the above post, threat actors are advertising FASTag at a discounted price of INR 300, even though the original price of INR 500. Subsequently, people tempted by such offers, call these numbers, and become easy victims.

Aveon, advertised as a service provider, has no website
Aveon, advertised as a service provider, has no website

A well-crafted poster appeals to the general public as advertisements for reliable/ legitimate services. Upon investigation, we found that the service provider ‘Aveon’ does not have an official website.

Providing unblocking services for blacklisted FASTags

As with any new service, FASTag has a few ongoing issues. Some tags appear as ‘blacklisted,’ while passing through the toll gate, even though there is sufficient balance in the owner’s wallet. Consequently, scammers are exploiting this loophole in the system, by launching a campaign that offers unblocking of “blacklisted” tags. 

"<yoastmark

Facebook post offering unblocking service
Facebook post offering unblocking service

How do we avoid becoming victims?

In conclusion, these examples are just a tip of the iceberg, in the zeitgeist of ongoing scams. But they clearly show that if we, as end users of FASTag, are not vigilant, we can become easy victims of these malicious campaigns.  

End user precautions:

  • Don’t rely on individual vendors. Instead, buy FASTags from NTEC or from other official banks.
  • Don’t reveal OTPs received on your phone to anyone via call, or in person.
  • Never fill forms found on blogs or websites with look-alike domains that include the keyword “fastag”. 
  • Never click on hyperlinks provided in phishing emails, especially with subject lines such as “Free FASTag” etc. 
  • Avoid calling random toll free numbers, especially those flashed on third party websites/blogs. And, reach out to NTEC or Official Bank Helplines, for support.
  • Above all, don’t post or tweet any of your personal/transaction details (if you have not received your FASTag after applying for it). As this would help fraudsters customize their approach based on your specific problem.