There are no free lunches in this world. If someone tries to give you free money, even if it’s in the form of an income tax refund, be cautious. Read one of the most recent scam emails done with the name of Income tax Refund and how to secure your sensitive data.
What the hackers do?
One of the most common methods used by fraudsters is to attract potential victims by promising to give them money. When the money is delivered by a government entity, it becomes much more appealing. This is exactly what is being done with a Trojan malware attack that promises victims an Income Tax Refund.
The hackers take your banking information, hack into your phone, and gain access to your net banking during this procedure. Customers of 27 banks have already been targeted by this phishing attempt, according to the Ministry of Electronics and Information Technology (MEITY).
Read Also: ITRs Verified from 7th June To 30th Sept through EVC instead of DSC regularised
How the hackers do fraud with Income Tax Refund SMS?
First, the phishing website sends an SMS link that appears to be from the income tax department website. After that, the victims are instructed to fill out some personal information before being sent a file to download that will finish the verification procedure.
The victim is asked to authorise permission to access SMS, call records, and contacts once the app has been opened.
The form requests information such as the victim’s name, PAN, cellphone number, Aadhaar, address, date of birth, debit card number, PIN, CVV, bank account number, email address, and IFSC code, even if the victim does not provide permission. After entering these details, the victim is informed that a refund is pending and could be delivered immediately to their bank account.
Read Also: Income Tax on equity shares and mutual funds for AY 2021-22
When the victim clicks ‘transfer,’ an error message appears, prompting the user to update. The malware in the backend delivers the user’s details to the hacker’s system while the fake update screen is displayed.
When the hacker produces the bank’s customised mobile banking screen and displays it on the user’s device, the actual fraud occurs. The user is then prompted to provide their mobile banking information, which the attacker records.
What options do you have?
This has been brought to the attention of MEITY’s Computer Emergency Response Team (CERT), which has informed users of the malware’s presence and warned them against falling victim to hackers.
The malware is thought to be Drinik malware, which first appeared in 2016 as an SMS thief and then morphed into a trojan that forces users to share sensitive financial information.
Customers who get such a suspicious link should report it to [email protected].
Before downloading any questionable links, exercise cautious. Also, every link or email from a government agency should ideally have the domain ‘gov.in’ in the URL.
Read Also: CBDT extends due dates of Income Tax compliances for AY 2021-22
How can you avoid being a victim of Income Tax Refund scam?
- All official government communications are sent through official websites that always include the domain gov.in.
- Never trust a website that makes random claims like free deals, refunds, or cashback in exchange for your personal information.
- You must not share your CVV number, PIN, or any personal information, regardless of the reason.
- Exercise cautious and ask around if a web or SMS link or the claims stated in the connection sound questionable.
- If you are doubtful, send an email to [email protected].
Disclaimer:The article or blog or post (by whatever name) in this website is based on the writer’s personal views and interpretation of Act. The writer does not accept any liabilities for any loss or damage of any kind arising out of information and for any actions taken in reliance thereon.
Also, www.babatax.com and its members do not accept any liability, obligation or responsibility for author’s article and understanding of user.
For Advertising with us-
- Mail us at [email protected]
- Whatsapp us at +91-7024984925
