Cross check the IT Refund message if you have received any - CERT-in Advisory

Posted on 2018-08-14 03:30:34 by FactHunt Admin


If you have received income tax refund message then check it again. It may be a phishing attack to steal your data.

Sign Up For Our Newsletters.

Get our articles in your email as soon as it goes live!
Error! Please Try Again.

As the deadline of August 31st for the filing of Income Tax Return approaching there have been increased reports of incidents related to fake SMS purportedly from the Income Tax department asking users to fill the form to avail the refund. This SMShing campaign uses popular URL shortening services such as,, and etc.

Screenshot credit: CERT-in


The message in the SMS tells the recipient that their income tax refund for a certain amount has been approved and will be credited shortly in your bank account. This is followed by an incorrect bank account number. Message reads to the recipient to verify the given bank account number and if found wrong, then visit the shortened link given in the message to update his bank record. The link is leading to phishing web-pages. Since the bank account number in the SMS is wrong, a number of recipients are enticed to click on the website link. Clicking on the link in the SMS, opens a website which is lookalike to the Income Tax department e-filing website.


The recipient is asked to enter his bank details to complete his income tax refund application and then enter his login ID and password on the next phishing web-page. Therefore, the details entered by the victim SMS recipient are harvested as sensitive data by the cybercriminals running this campaign for a later use in identity-thefts or for putting up for sale on the dark web or for even altering the user's details in the Income Tax Department's records.

Security Recommendation for Users


In the wake of this scam, users are advised to take diligent best practices to safeguard against disclosing their sensitive details:


  1. Do not reply to the suspicious SMS and emails. Such social engineering tactics can be identified as these SMS and emails have errors in spelling or grammar errors. Also, the letters in the URL could be jumbled. Even if the SMS or emails came from someone you know, be wary about opening the attachment or click on links. Some malicious emails may be spoofing the sender.
  2. Do not click on any links. In case if the hyperlink has been clicked then do not enter confidential information like bank account, credit card details etc.
  3. Do not cut and paste the link from the message into your device's browsers, fraudsters can make the link look like real, but it actually redirects to different websites.
  4. Use anti-virus software and a firewall for the mobile device and for every other devices used for accessing emails and keep them updated for protection against inadvertently accepting any unwanted files that gets downloaded in the SMShing,phishing links.
  5. Enterprise IT administrators can roll out group policies which forbid users from enabling macros in Word, Excel, or PowerPoint files originating from outside the company and block known malicious macros, such as the documents used in these social engineering attacks, from running.
  6. Report any incidents of phishing,SMShing,data theft or data loss to the appropriate stakeholders.

References :

This article was first published on the website of CERT-in.


Support Fact Hunt

We need your support to survive in the industry.

Sign Up For Our Newsletters.

Get our articles in your email as soon as it goes live!
Error! Please Try Again.

Leave a Comment:

Recent Comments


About Fact Hunt

Fact Hunt is an independent social journalism platform to counter fake news. You can connect with other users to share and discuss on any trending and controversial stories.

Recent Posts