If you have received income tax refund message then check it again. It may be a phishing attack to steal your data.
As the deadline of August 31st for the filing of Income Tax Return approaching there have been increased reports of incidents related to fake SMS purportedly from the Income Tax department asking users to fill the form to avail the refund. This SMShing campaign uses popular URL shortening services such as bit.ly,goo.gl,ow.ly and t.co etc.
Screenshot credit: CERT-in
The message in the SMS tells the recipient that their income tax refund for a certain amount has been approved and will be credited shortly in your bank account. This is followed by an incorrect bank account number. Message reads to the recipient to verify the given bank account number and if found wrong, then visit the shortened bit.ly link given in the message to update his bank record. The bit.ly link is leading to phishing web-pages. Since the bank account number in the SMS is wrong, a number of recipients are enticed to click on the website link. Clicking on the link in the SMS, opens a website which is lookalike to the Income Tax department e-filing website.
The recipient is asked to enter his bank details to complete his income tax refund application and then enter his login ID and password on the next phishing web-page. Therefore, the details entered by the victim SMS recipient are harvested as sensitive data by the cybercriminals running this campaign for a later use in identity-thefts or for putting up for sale on the dark web or for even altering the user's details in the Income Tax Department's records.
This article was first published on the website of CERT-in.
Fact Hunt is an independent social journalism platform to counter fake news. You can connect with other users to share and discuss on any trending and controversial stories.