The Income-Tax (I-T) Department regularly warns taxpayers about scammers posing as I-T officials and making fraudulent promises of income-tax returns (ITR) through phone calls, text messages, and phishing emails. “Don’t trust unsolicited calls. The department will never ask for immediate payments,” the department says on its website. If you or any senior citizen you know have received such messages, learn about how these scams work and avoid falling victim to them.
Modus operandi
Fraudsters send deceptive messages with embedded links. Once unsuspecting taxpayers are tricked into clicking on these links, they are then asked to reveal sensitive banking information, including one-time passwords (OTPs) and other confidential details.
“In certain cases, scammers succeed in installing remote access applications on victims’ devices, gaining access to their personal data. Senior citizens frequently are the primary targets of such fraudulent schemes,” says Vikram Babbar, partner, EY forensic & integrity services–financial services.
Scammers create fake websites resembling the official I-T Department site, tricking users into providing login credentials, personal information, or payment details under the pretext of updating records or processing refunds. “While browsing the internet, taxpayers may encounter pop-up notifications that appear to be from the I-T Department, urging them to claim a refund or update their information,” says Ritika Nayyar, partner, Singhania & Co. Fraudsters may at times pose as tax consultants, promising larger refunds in exchange for upfront fees.
They sometimes misuse personal information collected during tax preparation, leading to identity theft or unauthorised financial transactions.
Verifying authenticity of messages
To verify the authenticity of any communication, taxpayers should carefully check the email address, phone number, or website URL. Official communications from the department typically originate from domains like @income-tax.gov.in or @gov.in.
“Avoid clicking on links or downloading attachments from unexpected messages. Instead, manually type the I-T Department portal’s official URL(https://www.incometax.gov.in) into your browser. Once logged in, you can verify if any official notifications or updates exist concerning your tax matters. Additionally, you may contact the department directly through official channels for confirmation,” says Amit Bansal, partner-direct tax, Singhania & Co.
Thoroughly verify the details even of SMS received. “The I-T Department typically sends communications through the official email ID ending in ‘@incometax.gov.in’ or through SMS from IDs like ‘ITDEPT’ or ‘CPCITR’. Remember the department does not ask for sensitive information like passwords, PINs, or bank account details via email or phone,” says Prashant Mali, an advocate and expert on cybercrime.
Handling suspicious messages
If you receive a suspicious message claiming to be from the department, do not respond or click on any links. Instead, report it to the relevant authorities. Also, change your passwords if you have shared personal information. “Be wary of urgent requests and verify the sender’s identity. Always use official channels to contact the I-T Department,” says Nayyar. Remember, the department never asks for personal or financial information via email, phone, or pop-up notifications, nor should you disclose any such information.
If you receive an email or discover a website you believe is impersonating the department, forward the email or website URL to ‘webmanager@incometax.gov.in’. A copy can also be sent to incident@cert-in.org.in.
Sense of urgency: The message creates urgency by implying a need for immediate action
Suspicious link: The use of a shortened URL (bit.ly) obscures the destination website, which could be a phishing site designed to steal personal or financial information
Request for personal information: Tax authorities do not ask for sensitive information like bank account details through a link in an unsolicited message
First Published: Aug 27 2024 | 10:53 PM IST