Nagpur: Cyber criminals in 2026 have refined a dangerous new playbook, and Nagpur has emerged as a clear target. Investigations reveal a surge in highly customised WhatsApp scams in which fraudsters masquerade as traffic police officials and send fake e-challans embedded with malicious APK files, turning a routine message into a gateway for financial ruin.
Unlike earlier generic fraud attempts, this new scam is disturbingly precise. Victims receive WhatsApp messages mentioning their actual vehicle registration number, a fabricated challan reference, and an attached APK file that claims to be an “official receipt” or “challan document”. Once installed, the file silently hijacks the phone, siphoning banking credentials, intercepting OTPs and granting remote access to fraudsters.
Gold Rate
20 Jan 2026
A recent case involving Nagpur resident Pranay Mahajan highlights how narrowly disaster can be avoided. At around 12.40 pm, Mahajan received a WhatsApp message claiming he had been fined Rs 2,000 for a traffic violation. The message appeared authentic, his vehicle number was correct, the language formal, and the sender’s display picture carried what looked like a police insignia.
However, Mahajan grew suspicious. His vehicle had been parked outside his residence throughout the day, a fact he cross-verified using CCTV footage. Realising the impossibility of the alleged offence, he refrained from opening the attached APK file. Cyber experts say this single decision saved his phone from malware that could have emptied his bank accounts within minutes.
Police sources confirm that such scams are not random. Fraudsters are believed to be accessing leaked databases, stolen FASTag records, or compromised vehicle-registration details to personalise messages and lower suspicion. The use of WhatsApp profile photos bearing police logos or government symbols further enhances the illusion of legitimacy.
Behind these messages lies an organised digital syndicate. In a recent crackdown, Nagpur City Police busted a cybercrime network operating through nearly 80 mule bank accounts, routing transactions worth over Rs 21 crore. Investigators say the group used identical techniques, APK-based malware delivery, to commit financial fraud, steal OTPs, run illegal online gaming rackets, and lure job seekers with fake business offers.
Alarmingly, cyber investigators have identified at least six victims in Nagpur alone who were targeted using the same data-theft pattern within a short span, indicating coordinated and scalable operations rather than isolated crimes.
Officials stress that no government department or police agency sends challans, links, or APK files via WhatsApp. Legitimate traffic fines can only be verified through authorised portals such as Parivahan or official traffic police websites. Any message demanding immediate payment through WhatsApp should be treated as fraudulent.
Cybercrime experts warn that once an APK is installed, the window for recovery is extremely narrow. “Time is critical,” a senior official said. “If reported quickly, we can freeze accounts, stop fund transfers, and in some cases even reverse transactions, but delays drastically reduce the chances.”
Citizens are advised to immediately block and report suspicious numbers. If a link is clicked or an APK installed, victims must call the National Cyber Crime Helpline 1930 without delay and register a complaint. In cyber fraud, minutes, not days, decide the outcome.
As scams grow more sophisticated, authorities say awareness remains the strongest defence. In the age of personalised cybercrime, even a familiar vehicle number can be a trap.
