Log into your e-filing account to check if you have any outstanding demand or refund
If you receive an email claiming to be from the income tax (I-T) department that there’s an outstanding tax demand that you need to pay immediately, don’t get alarmed.
Get cautious. In all probability, that email is from cyber criminals, trying to trick you into revealing your bank account details.
Experts say there has been an exponential rise in such emails in the past month. “Cyber criminals are sending these emails in July as it’s the time when most people file returns and tax is on their minds,” says Amarpal Chadha, tax partner and India mobility leader, EY. He says his clients have also received emails stating there is a refund pending with the I-T department and the recipient can claim it instantly.
These emails provide a link the receiver needs to click to pay the outstanding tax demand or get the refund. Once an individual clicks on it, he is redirected to a web page that looks similar to the I-T department’s website. The individual is asked to select his bank and is redirected to another fake bank website. At this stage, as the victim tries to log into his bank account, cyber criminals capture sensitive details.
At times, the hackers are already aware of the bank account the taxpayer uses. When the individual clicks on the link provided in the email, he is taken directly to a fake website of the bank.
Recognising such fraudulent emails is not difficult. The first thing to look at is the email address. The email might seem to be originating from incometaxindia.gov.in but many service providers, such as Gmail, inform the user if it actually originated from that website. You will see such emails will have ‘via’ right after the email address, and then the name of the server. This means the email was sent via another mail service.
The I-T department sends emails from the following IDs: firstname.lastname@example.org , intimations@cpc. gov.in, and email@example.com. The fraudulent emails in circulation at present are from firstname.lastname@example.org. But some technologies can help scammers to send emails that seem to be from the official addresses.
The Business Standard, New Delhi, 27th July 2017