Google Search Hijacked for FASTag Annual Pass Scam

Post Views: 41

Cybercriminals Exploit Google Search Results to Scam Highway Commuters in India

Cybercriminals have been found exploiting Google’s search results to scam highway commuters in India, targeting those looking to purchase or recharge FASTag annual passes. The National Cybercrime Threat Analysis Unit (NCTAU) under the Indian Cyber Crime Coordination Centre (I4C) has issued a warning about the phishing campaign, which uses fake websites impersonating the National Highways Authority of India (NHAI) FASTag Annual Pass service.

Scammers’ Tactics

The scammers’ tactics involve creating websites that closely resemble the official NHAI FASTag pages, complete with similar branding, layout, and content. These fake portals are then promoted through Google Ads and optimized for search engines to appear at the top of search results for keywords such as “fastag annual pass” and “fastag recharge”. This approach enables the scammers to intercept users who are actively searching for FASTag services, increasing the likelihood of success.

Phishing Websites

The phishing websites prompt users to pay for a supposed FASTag Annual Pass, using a QR code to divert funds to mule bank accounts. To evade detection, the scammers regularly rotate the mule accounts linked to the payment page, making it challenging for law enforcement to track the financial transactions.

“A high ranking on Google or prominent display in search results does not guarantee the legitimacy of a website.” – I4C advisory

Advisory

Commuters are advised to exercise caution when searching for FASTag services online and to use only official channels, such as the NHAI website or the Rajmarg Yatra app, to access FASTag Annual Pass services.

Precautions

To avoid falling victim to this scam, users are recommended to verify URLs carefully, treating ads and search results as untrusted. It is essential to independently validate links found via search results, ads, emails, or messages through official government portals before making payments. If a user has paid on a suspicious FASTag site, they are urged to report the incident immediately to the National Cyber Crime Reporting Portal or call the cybercrime helpline.

Conclusion

This case highlights the evolution of phishing tactics, which now involve exploiting search engine results to reach users at the moment of intent. The safest practice for commuters is to rely on verified official portals and the Rajmarg Yatra app for annual pass services, avoiding FASTag-related ads and suspicious links.