Cyber Hygiene in Action – My Personal Response to a Fraud Attempt

It was the evening of October 5th, 2025—pleasant, quiet, and just the way I like it. I was unwinding with a warm cup of coffee, letting the day settle, when my phone buzzed with a WhatsApp notification. I glanced at the screen, expecting a casual message or maybe a meme. Instead, it was a challan notice—apparently, I had skipped a traffic signal.

For a moment, I froze. A traffic violation? Me?

I stared at the message, puzzled. My mind began to rewind the day’s events. Where had we taken the vehicle? Which route did we follow? Did we really miss a signal? The questions swirled faster than the steam rising from my coffee.

It’s strange how a single message can jolt you out of your comfort zone and into a spiral of self-check. Was it a mistake? A misidentification? Or had we genuinely overlooked a signal in the flow of traffic?

Whatever the case, that evening turned into a quiet investigation—retracing steps, checking timestamps, and trying to make sense of the unexpected. It was a reminder that even in the most ordinary moments, surprises can brew… just like coffee.

After the initial shock of receiving a traffic violation message on WhatsApp, I took a deep breath and switched into investigation mode. Time for some OSINT—Open Source Intelligence.

My first stop was the Cred app, my go-to hub for managing wallets and payments. I searched for any record of the challan, hoping to validate the claim. Nothing. No trace of a violation.

Next, I returned to WhatsApp and examined the sender’s profile. Something felt off. The account status had just been updated—barely ten minutes before I received the message—to impersonate “The Ministry of Road Transport and Highways.” That raised a red flag.

To dig deeper, I turned to Truecaller. The number wasn’t linked to any official entity—it belonged to an individual. I captured the profile photo and promptly marked the contact as “Spammer – Traffic Challan.”

But the message didn’t stop there. It included a link. With my Mobile EDR (Endpoint Detection and Response) subscription active, I cautiously clicked—not recommended for general users—and was redirected to an .apk file download.

Once the file landed, I ran it through my antivirus solution. The result? A Trojan. A malicious payload designed to siphon sensitive data and potentially drain bank accounts.

Action taken

To ensure no further communication from the scammer, I blocked the number immediately.

Once I confirmed the presence of a Trojan in the downloaded file, I knew this wasn’t just a casual phishing attempt—it was a serious financial fraud risk. Without delay, I reported the incident to the Indian Cyber Crime Unit under the Financial Fraud category.

The process was straightforward, and I received an official acknowledgement confirming that my complaint had been registered. It was reassuring to know that the authorities had taken note and that the case was now in the right hands.

Later that same evening, I received a call from the Cybercrime Department. Their prompt response was both reassuring and commendable. I took the opportunity to elaborate on the entire sequence of events—from the suspicious WhatsApp message and the impersonation attempt to the OSINT steps I followed and the Trojan detection.

I walked them through the validation process on Cred, the Truecaller identification, and the risky .apk file download that revealed the malware. They listened attentively, asked a few clarifying questions, and appreciated the detailed documentation I had gathered.

It felt good to know that my report wasn’t just acknowledged—it was being actively investigated.
