Live
- Additional Collector Conducts Surprise Visit to Boys' Hostel in Wanaparthy
- Punjab hikes maximum state-agreed price for sugarcane, highest in country
- Centre okays PAN 2.0 project worth Rs 1,435 crore to transform taxpayer registration
- Punjab minister opens development projects of Rs 120 crore in Ludhiana
- Cabinet approves Atal Innovation Mission 2.0 with Rs 2,750 crore outlay
- Centre okays Rs 3,689cr investment for 2 hydro electric projects in Arunachal
- IPL 2025 Auction: 13-year-old Vaibhav Suryavanshi becomes youngest player to be signed in tournament's history
- About 62 lakh foreign tourists arrived in India in 8 months this year: Govt
- IPL 2025 Auction: Gujarat bag Sherfane Rutherford for Rs 2.60 cr; Kolkata grab Manish Pandey for Rs 75 lakh
- Assam CM meets Governor, cabinet expansion on the cards
Messages luring people with fake promises of I-T refunds prowling, alert issued
The countrys premier cyber security agency CERT In has cautioned against a malicious SMShing fraud where fake messages are being sent to people in the name of the Income Tax IT department saying their refunds have been approved, with an aim to steal the recipients vital personal details and put them on the dark net for sale
Highlights:
- The warning, that also acts as an advisory, comes at a time when the tax returns filing season is on and the CBDT has sometime back extended the deadline to do till August 31
- The advisory describes as to how such fake SMSes could be identified
NEW DELHI: The country's premier cyber security agency - CERT-In - has cautioned against a malicious 'SMShing' fraud where fake messages are being sent to people in the name of the Income Tax (I-T) department saying their refunds have been approved, with an aim to steal the recipient's vital personal details and put them on the dark net "for sale".
The warning, that also acts as an advisory, comes at a time when the tax returns filing season is on and the Central Board of Direct Taxes (CBDT) has sometime back extended the deadline to do till August 31.
Recently, some people wrote on social media platforms that they had received such messages.
The Indian Computer Emergency Response Team (CERT-In), the national nodal agency for responding to computer security incidents, said once a person clicks on the SMShing (made of SMS and phishing) link, he/she runs the risk of either his/her personal details being "put up for sale on the dark web" (clandestine web), or even their I-T department records "altered" by misusing their e-filing credentials.
The advisory describes as to how such fake SMSes could be identified.
"There have been increased reports of incidents related to fake SMS purportedly from Income Tax Department as the filing of I-T returns nears. This SMShing campaign uses popular URL (universal resource locator) shortening services such as bit.ly, goo.gl, ow.ly and t.co among others," it said.
It then goes on to describe the modus operandi of such attack.
"The message in the SMS tells the recipient that their income tax refund for a certain amount has been approved and will be credited shortly in his bank account. This is followed by an incorrect bank account number. Message reads to the recipient to verify the given bank account number and if found wrong, then visit the shortened bit.ly link given in the message to update his bank record.
"The bit.ly link is leading to phishing web-pages. Since the bank account number in the SMS is wrong, a number of recipients are enticed to click on the website link. Clicking on the link in the SMS, opens a website which is lookalike to the Income Tax Department e-filing website," it said.
The recipient, the advisory said, is asked to enter their bank details to complete their income tax refund application and then enter their login ID and password on the next phishing web-page.
"Thereafter, the details entered by the victim SMS recipient are harvested as sensitive data by the cyber criminals running this campaign for a later use in identity-thefts or for putting up for sale on the dark web or for even altering the user's details in the Income Tax Department's records," it said.
A senior tax department official told that the department is aware of these malicious SMS-based and online attacks on personal taxpayers and others and they are in touch with the CERT-In authorities and have also issued public advisories in this context.
The advisory has also stated some do's and dont's.
It says, "Do not reply to the suspicious SMS and emails and such social engineering tactics can be identified as these SMS and emails have errors grammatical or spelling errors; even if the SMS or emails came from someone you know, be wary about opening the attachment or click on links as some malicious emails may be spoofing the sender.
"Also, do not click on any links and in case if the hyperlink has been clicked then do not enter confidential information like bank account, credit card details among others; use anti-virus software and a firewall for the mobile device and for every other device used for accessing emails and keep them updated for protection against inadvertently accepting any unwanted files that gets downloaded in the SMShing, phishing links," it said.
