Tax season: Beware of fake mails asking for your netbanking details from I-T like addresses

Don't respond to mails from donotreply@incometaxindiafilling.gov.in - it has the 'e' is missing from 'efiling' and 'filing' is spelt as 'filling'.

ThinkStock Photos
MUMBAI: It is the season to file income-tax returns, and phishing fraudsters are using that to lure victims. Taxpayers are receiving emails from addresses remarkably similar to the original government one, asking them to provide their netbanking details to "receive their refund amount".

The sender's address in the current fraud appears as donotreply@incometaxindiafilling.gov.in and not donotreply@incometaxindiaefiling.gov.in - the 'e' is missing from 'efiling' and 'filing' is spelt as 'filling'.

"We issue standard alerts on our website as well as by text messages cautioning taxpayers about online fraud. It is best not to respond to suspicious mails and never share your bank account or credit card details because we do not solicit them," an I-T spokesman told on Wednesday.


The I-T website did not show any alert, but chartered accountants and tax return preparers (TRPs) circulated a cautionary note on WhatsApp: "An important announcement for all of those who have filed their returns and have received an e-mail stating that there has been an error in calculating tax and a refund has to be issued - please ignore it. It is circulated by hackers. Once you click on the link, it will direct you to a netbanking login page and once you log into it, your bank account will be hacked. The income tax department will send an intimation about refunds payable through a proper notice."

Sushma Bandelkar, a TRP in Mumbai, said: "Such frauds will increase as the July 31 deadline to file returns approaches. Taxpayers must not share any personal information with any caller who claims to represent the I-T department, or email any details. If a refund is due, you will receive a formal notice from I-T. Do not give your bank details, login name or user ID, credit card and debit card details or PIN number to any individual or website."

Bandelkar said phishing frauds using I-T returns as the hook have taken place often in the past. "If there are any changes, a rectification form must be filed before you can receive your refund. All CAs and TRPs provide the assessee's bank account number and IFSC code as part of the returns filing process. So, the department does not solicit these from individual taxpayers again. Any refund due will come to you through NEFT. It is best to ignore such emails," she said.
ADVERTISEMENT

Facebook Data Breach Making Headlines, Here's How Other Scandals Began
1/6
The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches.
(Image: Twitter/@AleksandrBKogan)
The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches. (Image: Twitter/@AleksandrBKogan)
In 2012, companies like Visa Inc licensee, J C Penney Co, JetBlue Airways Corp and French retailer Carrefour SA were attacked by hackers, resulting in a collective loss of up to $300 million. A Russian and Ukrainian gang hacked into the records for over seven years, breaching 8,00,000 bank accounts and stealing more than 160 million credit and debit card numbers. While his colleagues did the hacking, 32-year-old Russian Roman Kotov was charged with mining the data.
In 2012, companies like Visa Inc licensee, J C Penney Co, JetBlue Airways Corp and French retailer Carrefour SA were attacked by hackers, resulting in a collective loss of up to $300 million. A Russi..
Read More
While eBay’s database was hacked earlier in 2014, the news came out only in May that year. The online auction house went into damage control. Its then CEO John Donahue asked 145 million users to change their passwords, but said that financial information was stored separately and hence, remained safe. One mind boggling detail is that the unknown hackers had access to eBay’s accounts for 229 days.
While eBay’s database was hacked earlier in 2014, the news came out only in May that year. The online auction house went into damage control. Its then CEO John Donahue asked 145 million users to chan..
Read More
In 2007, more than 94 million customer accounts belonging to the department store group TJX were compromised. The man behind it, Albert Gonzalez, was also indicted in the Heartland Payment’s data breach, where hackers stole more than 130 million credit and debit card numbers from the payment processing system in 2008. College dropout Gonzalez used several screen names like ‘soupnazi’ (a reference to the popular Seinfeld episode), ‘kingchilli’ and ‘cumbajohny’ in the TJX hack. While Gonzalez was arrested in a Miami hotel, officials found $1.6 million in cash hidden in plastic bags in a drum buried at his parent’s backyard. The soupnazi was sentenced to 20 years in prison in 2010.
In 2007, more than 94 million customer accounts belonging to the department store group TJX were compromised. The man behind it, Albert Gonzalez, was also indicted in the Heartland Payment’s data bre..
Read More
The personal records of over 78 million customers were stolen in 2015 from American health insurance giant Anthem. Investigators suspected China’s role in the breach. Apparently, the hack happened in 2014, when just one user at an Anthem subsidiary opened a phishing email. It gave access to the company’s warehouse. In 2017, Anthem reached a settlement of $115 million — the money will reportedly be used to pay for an additional two years of credit monitoring for the breach’s victims.
The personal records of over 78 million customers were stolen in 2015 from American health insurance giant Anthem. Investigators suspected China’s role in the breach. Apparently, the hack happened in..
Read More
Literally every single Yahoo user account was hacked into. In September 2017, Yahoo confirmed that all of its three billion accounts were exposed as part of an August 2013 breach. In a separate incident in 2016, a hacker called Peace put up the company’s user information for sale in the darknet market site, The RealDeal. The news affected Verizon’s takeover of the company, knocking off $350 million from the sale price. Verizon bought out Yahoo in June 2017.
Literally every single Yahoo user account was hacked into. In September 2017, Yahoo confirmed that all of its three billion accounts were exposed as part of an August 2013 breach. In a separate incid..
Read More


Download
The Economic Times Business News App
for the Latest News in Business, Sensex, Stock Market Updates & More.
READ MORE
ADVERTISEMENT

READ MORE:

LOGIN & CLAIM

50 TIMESPOINTS

More from our Partners

Loading next story
Business News › Magazines › Panache › Tax season: Beware of fake mails asking for your netbanking details from I-T like addresses
Text Size:AAA
Success
This article has been saved

*

+