IRCTC’s Tatkal Scheme Abused by Tech-Savvy Scam Network
The Indian Railways’ Tatkal booking system, designed for last-minute travelers, has been hijacked by a tech-driven racket.
Illegal online operators are using bots and Aadhaar-authenticated IDs to capture tickets in bulk—leaving genuine passengers with no options.
How the Scam Works
An investigation by India Today’s OSINT team found over 40 Telegram and WhatsApp groups involved in the network. This is only a glimpse of the larger operation. The key methods include:
Selling Aadhaar-authenticated IRCTC IDs for as little as ₹360
Using bots to auto-fill login, passenger, and payment details
Hiding locations through Virtual Private Servers (VPS)
Distributing malware-infected bots that also steal user data
Bots like Dragon, JETX, Ocean, Black Turbo, and Formula One are sold through shady websites for prices ranging from ₹999 to ₹5,000.
Railway Ministry Responds
To tackle the issue, the Ministry of Railways has launched several new measures, including:
Making Aadhaar-based authentication mandatory for Tatkal bookings from July 1, 2025
Banning agents from booking tickets during the first 30 minutes of the Tatkal window
Deploying AI-based anti-bot systems on IRCTC platforms
Suspending over 2.5 crore fake IRCTC accounts
A government release stated that bots make up nearly 50% of login attempts in the first five minutes of Tatkal openings, effectively blocking real users.
A Threat to User Security
Beyond unfair ticketing, these bots are a major cybersecurity risk. One malware scan revealed that a bot app behaved like a Trojan, capable of stealing user credentials.
This poses serious concerns about data privacy, especially with Aadhaar-linked user IDs being sold openly online.