FASTag Phishing Campaigns Flourish on Social Media

With FASTag, toll collection is the latest of our everyday services to go digital. And, as is their wont, cyber criminals have already figured out ways to exploit it. FASTag, an Electronic Toll Collection (ETC) instrument, is mandated by the Government of India for all vehicles passing through toll booths across the country. Considering the growing adoption, combined with users' limited experience, it is not surprising that scammers are launching phishing campaigns that employ novice social engineering approaches.
In this article, we explore the different types of phishing campaigns and the channels that facilitate them.
Though FASTag is a straightforward service, there are several avenues, ranging from distribution to after-sales support, through which scammers can exploit it.
Scammers are defrauding people in the following ways:
Scammers are delivering these campaigns via:
We will investigate each of these scamming methods and the channels used to facilitate them. While FASTag scammers are present across the internet, they are especially active on social media because of how easy it is to create accounts and conceal their identities.
There are social media profiles personally promoting the "FASTag" project implementation (especially in local languages), even though they are not officially authorized or connected to the project.
Some accounts are also offering services on behalf of authorized FASTag banking partners, advertising the bank's name along with their personal contact numbers. Since we cannot verify whether such individuals are authorized to act on behalf of these financial institutions, it is best to avoid responding to their posts to avail of their services.
There are also social media posts promising free FASTags and FASTag services, even though the actual price is INR 500. They appear trustworthy to the general public because some of these campaigns include genuine images.
Since FASTag became mandatory on 1st December 2019, we have observed phishing emails, delivered from various networks, to personal email IDs. Many of these campaigns use the classical approach of furnishing lookalike "from" names. In this case, "FASTag", in some form, appears in the name of the sender. The domain name of the email is only visible when we purposely expand the "from" address. This allows scammers to mislead receivers of the emails, since we don't generally inspect the sender's complete email address.
As seen above, the sender's name is "Axis FASTag", and only on closer inspection do we notice that the email id is [email protected] and the domain name is indiafamous.info. The website's location is listed as Bihar. It is safe to assume that the below email is a phishing attempt. (We have noticed that previous phishing campaigns targeting NPCI were also mapped to the same location.)
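The sender-name check described above can be automated during mail triage. This is an added example, not part of the original article: it flags a From header whose display name claims a FASTag-related brand while the address domain is not on a trusted list. The trusted domains and the local part of the sample addresses are constructed placeholders.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Brand words the article saw used in sender names and listings.
BRAND_TERMS = ("fastag", "axis", "hdfc", "icici", "npci")

# ASSUMPTION: placeholder domains standing in for the verified sending
# domains of authorized issuers; replace with your own vetted list.
TRUSTED_DOMAINS = {"issuer-bank.example", "toll-operator.example"}


def _squash(text):
    """Lowercase and drop non-alphanumerics so 'FAS-Tag' matches 'fastag'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _decode_display(display):
    """Decode RFC 2047 encoded-words; keep the raw text if they are malformed."""
    try:
        return str(make_header(decode_header(display)))
    except Exception:
        return display


def _is_trusted(domain):
    """True for a trusted domain or one of its subdomains (suffix on a dot)."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_from_header(raw_from):
    """Return a finding when the display name claims a brand but the address
    domain is not trusted; return None otherwise."""
    # Parse first, then decode only the display name, so decoded text can
    # never be mistaken for the address part.
    display, addr = parseaddr(raw_from)
    display = _decode_display(display)
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    claimed = [t for t in BRAND_TERMS if t in _squash(display)]
    if not claimed or not domain or _is_trusted(domain):
        return None
    return {"display": display, "domain": domain, "claimed": claimed}


# Constructed samples: the domain indiafamous.info is from the article,
# the local parts and the other headers are made up for illustration.
SAMPLES = [
    "Axis FASTag <noreply@indiafamous.info>",
    "=?utf-8?b?QXhpcyBGQVNUYWc=?= <noreply@indiafamous.info>",
    "FASTag Support <help@mail.issuer-bank.example>",
    "HDFC FAS-Tag <care@issuer-bank.example.indiafamous.info>",
    "Weekly Newsletter <news@indiafamous.info>",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, "->", check_from_header(raw))
```

A finding means the header deserves a closer look, not that the message is proven malicious; substring matching on short terms such as "axis" will also hit unrelated names.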
Given the size of the targeted audience, scammers will not spare any platform through which they can prey on the public.
Here is a case of an OLX listing that is advertising Axis Bank's FASTag service.
Further investigation threw up listings like the ones below, in which the prices have been inflated. By inflating and then reducing the price of the tags, scammers are trying to make their proposition more attractive. This is a major red flag that is indicative of a phishing campaign.
We also observed that some of the vendors are offering free GPS along with the tags, and the tags themselves are listed at prices lower than the actual cost of INR 500. But it is not clear from the listing whether a standalone GPS comes free with the purchase of a FASTag.
In the below post, a vendor "Vivek Shukla" from UP has listed FASTag as "Fastage" along with a GPS app. The app is not officially associated with FASTag.
We have spotted a series of phishing campaigns on various blogs and deep web sites. These advertisements offer FASTag services by using the names of popular banks such as Axis Bank, HDFC Bank, etc.
These campaigns are being widely spread through chat platforms such as Sharechat as well.
On clicking the link, the page redirects to an ad-hosted campaign that is not connected with Axis Bank FASTag services. Visiting these malicious links makes the visitor's device vulnerable to malicious software, such as adware or other PUPs (Potentially Unwanted Programs). This, in turn, creates a backdoor to all vital information on the device and helps scammers fund other malicious campaigns they run.
Moreover, on analysing the details of the page through VirusTotal, it was found to be listed as spam.
We spotted ad campaigns on other unrelated websites, such as a music download service, through which unwary users can be clickjacked to phishing sites.
The official way to buy FASTags is via NPCI, authorized banking partners such as ICICI or HDFC, wallet partners such as UPI Airtel Payments, or authorized vendors. Yet there are similar-looking domains, registered to individuals, that may be masquerading as official vendors of FASTag.
Some of the similar-sounding domains:
Similar-sounding domains | Registrant Details |
---|---|
Fastagindia.com | |
Fastagindia.org | |
fas-tag.com | |
http://fastag.app/ and http://fastag.in | |
fastag.co.in | |
Though the above-mentioned sites are not functional at the moment, there is a chance that they may become available at any time to host phishing campaigns, by assuming an air of legitimacy.
These are only a few examples of domains that use some version of "fastag" in their name. There are many more, yet to be listed or found. Some of these domain names, which have not been bought yet, are available at cheap prices.
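Because new names of this kind keep appearing, a brand-monitoring job can screen newly observed domains for some version of "fastag". This is an added example, not part of the original article: it normalizes hyphens and digit-for-letter swaps and also catches one-character substitutions and insertions, which goes slightly beyond the exact names in the table. The allowlist entry and the typo samples are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

KEYWORD = "fastag"
# Digit-for-letter swaps often used in lookalike names: 0->o 1->l 3->e 4->a 5->s 7->t
LEET = str.maketrans("013457", "oleast")
# ASSUMPTION: placeholder for the verified official domains you maintain.
ALLOWLIST = {"fastag-issuer.example"}


def hostname(value):
    """Accept a bare domain or a URL and return the lowercase host name."""
    value = value.strip().lower()
    host = urlsplit(value if "//" in value else "//" + value).hostname
    return (host or "").rstrip(".")


def within_one_edit(a, b):
    """True if a and b differ by at most one substitution or insertion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both strings when lengths are equal
    # (substitution), only in the longer one otherwise (insertion).
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def lookalike_reason(value):
    """Return why a domain resembles the keyword, or None if it does not."""
    host = hostname(value)
    if not host or host in ALLOWLIST:
        return None
    # Check every label except the TLD, so 'fastag.co.in' is covered without
    # needing a public-suffix list.
    for label in host.split(".")[:-1] or [host]:
        squashed = re.sub(r"[^a-z0-9]", "", label).translate(LEET)
        if KEYWORD in squashed:
            return "contains keyword"
        # Six- and seven-letter windows catch one substituted or inserted
        # character. Five-letter windows (a deleted character) are left out
        # because fragments like 'fasta' match too many ordinary words.
        for size in (len(KEYWORD), len(KEYWORD) + 1):
            for start in range(max(1, len(squashed) - size + 1)):
                if within_one_edit(squashed[start:start + size], KEYWORD):
                    return "one edit from keyword"
    return None


# Domains from the article's table, plus constructed samples (.example).
OBSERVED = [
    "Fastagindia.com", "Fastagindia.org", "fas-tag.com", "http://fastag.app/",
    "http://fastag.in", "fastag.co.in",
    "f4stag-help.example", "fasttag-recharge.example", "fastaq.example",
    "fastag-issuer.example", "music-downloads.example",
]

if __name__ == "__main__":
    for item in OBSERVED:
        print(f"{item:30} {lookalike_reason(item)}")
```

A match is a candidate for registrant and content review, in the way the table above pairs each domain with registrant details; it is not proof of abuse on its own.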
While scammers directly exploit new FASTag users, they also attempt to recruit other people to carry out such campaigns. Here are examples of such posts, from a private Facebook group, in which a scammer has advertised FASTag as an opportunity to make money.
Authorized sales and service providers/vendors employ agents to sell and top up FASTags. However, we have observed the presence of unauthorized people, on closed Facebook groups, who are selling free agent IDs. This is why FASTags procured from third-party agents may or may not be genuine.
Here are some examples of Facebook posts offering free agent IDs.
There are posts on social networking sites advertising phone numbers and email ids that are not the official FASTag support contacts. They offer to set up FASTags or provide other related support. Calling such numbers is a sure-fire way to get defrauded.
We also found several unofficial social media accounts listing email ids that mimic the official email contact and vendor names. For example, [email protected] contains "FASTag" and "HDFC", thus setting up a honeypot for unsuspecting people looking for genuine support.
Email ID: [email protected], [email protected]
Phone Number: 9823017946
Another phishing email id was mentioned as a point of contact on a flagged website. The website promotes this email id for any issues related to FASTag.
Email ID: [email protected]
As observed from the above post, threat actors are advertising FASTag at a discounted price of INR 300, even though the original price is INR 500. People tempted by such offers call these numbers and become easy victims.
A well-crafted poster appeals to the general public as an advertisement for a reliable/legitimate service. Upon investigation, we found that the service provider 'Aveon' does not have an official website.
As with any new service, FASTag has a few ongoing issues. Some tags appear as "blacklisted" while passing through the toll gate, even though there is sufficient balance in the owner's wallet. Scammers are exploiting this loophole in the system by launching a campaign that offers unblocking of "blacklisted" tags.
In conclusion, these examples are just the tip of the iceberg in the zeitgeist of ongoing scams. But they clearly show that if we, as end users of FASTag, are not vigilant, we can become easy victims of these malicious campaigns.