07 January,2026 05:23 PM IST | Mumbai | Anish Patil
The fraud took place after the victim downloaded an APK file sent through an SMS claiming a traffic fine. Representational Pic/File/iStock
A single click on a fake Regional Transport Office (RTO) e-challan link allegedly cost a Byculla-based lawyer Rs 2 lakh, after cyber fraudsters gained access to his credit card and carried out unauthorised online transactions, police said.
The fraud took place after the victim downloaded an APK file sent through an SMS claiming a traffic fine.
According to the police complaint, the 38-year-old advocate received a message on December 23 at around 7.30 pm, stating that a Rs 300 traffic challan had been issued against him.
Although he was certain he had not committed any traffic violation, he downloaded the attached APK file to check the details. The application asked for Aadhaar, PAN and mobile number, but he did not enter any personal information.
Soon after installing the app, his mobile phone began overheating and working slowly, prompting him to delete the application the next day.
The scam came to light in the early hours of December 25, when the victim received 21 OTP messages within just two minutes, between 2.50 am and 2.53 am.
Police said the OTPs were generated for transactions linked to his credit card.
Investigators said four transactions were successful, including three payments of Rs 50,000 each and one of Rs 50,299, all made through Amazon Pay.
The total unauthorised amount debited was Rs 2,00,299, while the remaining transaction attempts were blocked by the bank.
Around the same time, the lawyer received multiple automated calls from unknown and international numbers. Police believe that malware hidden in the APK file may have given fraudsters remote access to his phone, allowing them to intercept OTPs in real time.
The victim blocked his credit card at 4.06 am and later approached the police, submitting call records, OTP alerts and bank statements.
The Byculla Police registered a case of online cheating and unauthorised electronic access on January 6. Officials said efforts are underway to trace the digital trail, IP addresses and beneficiary accounts involved in the fraud.
Police have warned citizens not to download APK files received through SMS or WhatsApp, especially messages claiming to be traffic challans or government notices.
They advised people to verify traffic fines only through official government websites or apps.
