Beware of I-T refund messages, cyber criminals may trick you with fraud

If you receive a text message from the income-tax (I-T) department stating a tax refund or demanding an outstanding tax liability, do not respond immediately. There are chances this message is from cyber criminals trying to trick you into revealing your bank account details.

Experts say such messages rise exponentially during the tax filing season. “Cybercriminals send such messages or emails when the tax filing deadline is close because taxpayers can be more gullible during this time,” says Preeti Khurana, a tax expert at ClearTax.

In fact, these scams are so prominent around this time that the country’s premier cybersecurity agency – Indian Computer Emergency Response Team (CERT-In) – has also cautioned about them recently.

The message usually has an incorrect bank account number. It asks the recipient to verify the bank account by clicking on the link provided in the message. The link takes the recipient to a website that looks just like the genuine I-T e-filing portal. Once the person enters his credentials, the user is asked to enter his bank account and other details. “The details entered by the victim are harvested by cybercriminals for later use in identity thefts or for putting up on sale on the dark web or even for altering the user details in the I-T department’s records,” says the CERT-In advisory.

If you take a little time before clicking, you will realise that recognising such fraudulent messages or emails is not difficult. The first thing to look at is the link. It may be similar to your bank or the I-T department’s link, but there will be minor variations. “The website may be a complete replica, but the address (URL) will have spelling mistakes. It will not end with ‘’, which is provided only by government websites,” says Khurana. Whenever you are transacting online, check if the address starts with https, rather than http. It should also have a ‘closed lock’ sign. It means the website is secure and verified.

There are other tell-tale signs. Emails from the tax department always say ‘do not reply’. The best way to cut the risk is to use a licensed antivirus software. There is also a possibility that the email has an attachment instead of a link. Do not download attachments as these could be spyware that could get installed in your phone or computer.

Tax experts say the I-T department does not send out tax demands or refunds in July or August. “The authorities also do not ask you to provide bank details separately. Taxpayers have to furnish those details when filing returns,” says Chadha.

Fraudulent messages usually ask you to claim a refund within the next seven days or pay the outstanding demand immediately. Any communication from the I-T department provides at least 30 days to the taxpayer. Therefore, it is always best to consult your tax expert on receiving such a notification from the department, instead of acting on it in a hurry.
Avoid falling prey to tax scams

What to avoid

-          Open links in the text message or emails

-          Download attachments

-          Provide details such as bank account number, PAN, and so on

What to do

-          Log on to I-T department's e-filing website. Check the genuineness of message

-          The website has details of refund as well as the outstanding tax demand

-          If you open the link, check if the link has '' and the link starts with Https