On 8 April, the ministry of finance issued a release, saying that the income tax (I-T) department would be issuing refunds of up to ₹5 lakh immediately, a move that will benefit 14 lakh taxpayers. It was done to provide relief to businesses and individuals during the lockdown. Cybercriminals took this as an opportunity to target gullible taxpayers.
Many individuals started receiving fake messages, which stated that the I-T department is providing relief to all taxpayers due to covid-19 outbreak. The message contained a link that the individual needs to click to claim tax refund. Following this, the I-T department and the State Bank of India sent out messages on Twitter warning taxpayers about such cyber frauds. These are the things you should keep in mind to avoid falling into these traps.
THE SIMPLE TRICK
If you receive a message from the I-T department about a refund, don't rush immediately to claim it. There are chances that it could be from hackers, who want to trick you into revealing your confidential financial details such as bank username and password.
"These messages are sent out regularly and typically, around the tax filing time, as the individuals are more gullible during this time. This time around, hackers are taking advantage of the government's announcement on refunds," said Preeti Khurana, a chartered accountant with tax-filing website Cleartax.in.
The messages sent out every year have the same content and follow a similar method to defraud the taxpayer. The link mentioned in the message takes the taxpayers to a fake website that looks just like the genuine income tax department's e-filing portal. Once the person enters his credentials, the user is asked to enter his bank account and other details. The hackers can use the details to transfer money, or they harvest the data for identity theft, or they put it up on sale on the dark web, or they can alter the user details in the I-T department's records.
HOW TO GUARD YOURSELF
The tax department doesn't ask taxpayers to verify bank account details. The refund is sent directly to the bank account that the individual discloses at the time of filing the returns. Such refund messages typically would ask you to claim the refund immediately. Tax department usually gives 30 days' time to respond to its communication.
Recognising fake messages is not difficult. "The individual needs to look at a few details. For example, check the link given in the message. The genuine address of the tax department's e-filing website is www.incometaxindiaefiling.gov.in. Next to the website link, you will see a closed lock icon, which means the website is secure. Fake websites won't have a closed lock icon," said Khurana.
If you receive a message on email, there is a possibility that it could have an attachment. Avoid clicking on the attachment. Other precautions you can take are to install antivirus software with internet security feature. Such software can detect and warn you of malicious links.
The best thing to do is to consult a chartered accountant or tax experts when you receive such messages to verify them.
Here’s how to identify a fraud message:
- Incorrect website address
- Asking to act fast
- Content is too good to be true
- Spelling mistakes
- Link asks for confidential information