A few days back I received an e-mail from Income Tax department (that is what the mail said) informing me that I have obtained a refund and asking me my bank details so as to transfer it to my account. I immediately got suspicious, because the refund amount stated in the mail was much more than my Income Tax deduction. After all IT department can’t refund me more than what I paid them, right? This obviously was a phishing mail, but done so creatively and timed so well (this is that time of the year when IT department generally sends refund) that anyone can easily fall prey to it.So how does one identify if a mail is legitimate or not? To understand that let’s take a look at the mail I received and dissect it step by step. But before that, let’s understand what phishing is.
What is phishing?
Phishing is an e-mail fraud designed to steal your web identity and capture your personal data like Credit/Debit Card numbers, bank account information, or other sensitive financial information.
Now let’s see how to identify a phishing mail. I’ll take example of this particular mail that I received, but these red flags apply to other phishing mails too.
Red Flags
- Take a look at the screenshot of the mail below (click on image to enlarge). It looks authentic, isn’t it?
But think about it for a second. While filing IT return you were asked for your account number and it was mentioned there that a refund will either be credited directly to your account or through a check. Then why are you being asked for that information again? - If the above argument looks weak, go ahead and click on the link present in the mail. This is the page that will open (click on image to enlarge):
Take a look at the url (http://beauxartsschool.com/webalizer/web/1/refunds/index.html?id=refund). All government websites have urls ending in .gov or .gov.in. But not this one. Also the url looks nowhere related to IT department (The actual url is https://incometaxindiaefiling.gov.in/). - Now let’s select a bank from the list. After selecting a bank you’ll be taken to a page that looks like this (click on image to enlarge):
As you can see the url has still not changed! Which means this is not a legitimate site and you should not proceed any further.
So you see if you are alert it is very easy to identify such phishing mails. The above mentioned phishing website has already been suspended but internet is full of such scams and false information so never let your guard down.
In the next post we’ll see how to check if a website is authentic while making an online payment or entering your sensitive information on a webpage. We’ll also take a look at some other methods of keeping your bank information safe. So subscribe now to our newsletter (don’t worry, we hate spam as much as you do!) so as not to miss that article. You can also connect with us on Facebook and follow us on Twitter.
Over To You
Have you received phishing mails? Were you able to identify it? What steps do you take to safeguard yourself from such attacks? Share your thoughts on this through the comment form below.
Nice information buddy. This mail really looks authentic particularly the people who are expecting a return from IT department; they can easily fall prey to it.
Also you can mention in your next post that don't click on any of the link present in the mail as it can easily steal your cookies. If you are not sure about any link, its safe to open it in a browser where you don't have any cookies saved.
I also got this mail today. But fortunately i got it on my secondary e mail generally which i used for spam mails while all my important works is operated by another ID. So it was easy to know for me that this is a fake mail. But really the buddy who made this is genius. Made it and looks it original….
Thanks buddy u clear my all doubts by this…thanks and god bless u….
Nice tip buddy !!. People generally are so click-happy that they click on any link without thinking twice.
My Banker HDFC keep sending warning intimation about such 'phishing mails'. It would be better if all banks follow.
And best wishes for blogjunta contest, my vote for you.
OMg thanx for the info. These days its so dangerous to trust mails. One shouldn't act before fully testing it!
Yes if all banks follow this, it would really be helpful. HDFC is doing a good work here !! Thanks for your vote sir :). I wouldn't mind losing to you !! 🙂
Well said Himadri !! 🙂
It's sad but true there are so many people out there who want to take advantage of other people. It definitely is a good idea to be 100% sure that an email you get is real and not some way for someone else to try to rip you off.
I also got below email today…..
Dear Valued Taxpayer,
Read this message carefully and delete after submssion of refund.
We have reviewed your tax fiscal payments for previous months and your filed returns online,with this effect we have determined that you are eligible to get a tax refund of INR 40,135.50
Please CLICK HERE and submit a confirmation refund request.
NOTE: Refund cannot be made to account owner that submitted invalid account information Example, Typing in letter A instead of G which makes your information incorrect will totally disqualify owner from Tax Refund.We will make an additional investigation with your bank for wrong submission of information and get rid of such account with wrong information because we will take it that it was submitted by a wrong owner.Please also note that refund takes three weeks to get processed and refund to rightful owners account.
The Central Board of Direct Taxes (CBDT)
My Account Has Not Been Credited
In case credit is not effected in the taxpayer account through ECS within three weeks but the refund advice has been received by the taxpayer AND the status shown is “paid”- in that case, the tax payer should contact his bank or the refund banker SBI. You should contact SBI at the following address.
Cash Management Product (CMP)
State Bank of India
SBIFAST
31, Mahal Industrial Estate
Off Mahakali Caves Road
Andheri (East)
Mumbai – 400 093.
Thanks. Useful information. I am generally quite alert to such phishing emails but this time even I fell pray to it as I was expecting a refund and of about the same amount. I like a fool entered all the details. However no money has been deducted from my account so far and I have also changed my ID / passwords. They however have details about my debit card. How can I secure my account now?
thanks, Samina
Hi Samina,
The scammers are using intelligent ways to dupe people. You took the right step by changing the id and password of your account. However, to ensure that everything is under control, I'll suggest you to visit your bank and talk to the bank manager directly about the whole incident. If necessary, they will change de-list your debit card and provide you a new one.
Don't worry, everything will be fine 🙂
Hi,
I have received the same mail today. The content of the mail is as mentioned below.
Dear Valued Taxpayer,
We have reviewed your tax fiscal payment for previous years and have resolved that you are qualified for a refund of the sum of 36,120.25 INR which is your accumulated tax excesses. Please submit a tax refund request and allow us to process it within 7(seven) working days.
To submit a request CLICK HERE
We appreciate taking the time to learn about our tax refund. It's one more way Income tax department can make your tax payment experience better.
Endeavor to fill in your Information correctly,to enable us make refund to your account without any delay.
Refund can be delayed for some reasons:
Applying after deadline of notification.
Submitting incorrect account information.
Tax Refund Department
Department of revenue,
Ministry of finance, India.
Regard,
Sindhu
I recd a similar email and fell pray to it. Soon (within 5min) i realized that its fishy so blocked my debit card and also changed by username/password of internet banking.
Anything else do i need to do?
Regards,
Abhishek
Hi,
I have received the same mail some time back today. The content of the mail is as mentioned below.
Dear Valued Taxpayer,
We have reviewed your tax fiscal payment for previous years and have resolved that you are qualified for a refund of the sum of 36,120.25 INR which is your accumulated tax excesses. Please submit a tax refund request and allow us to process it within 7(seven) working days.
To submit a request CLICK HERE
We appreciate taking the time to learn about our tax refund. It’s one more way Income tax department can make your tax payment experience better.
Endeavor to fill in your Information correctly,to enable us make refund to your account without any delay.
Refund can be delayed for some reasons:
Applying after deadline of notification.
Submitting incorrect account information.
Tax Refund Department
Department of revenue,
Ministry of finance, India.
i almost fell prey to this as the amount i was expecting was approx same. But saved as i did not have my account details handy with me. Thank God ! tried to open the link after some days , but it’s not available now. How can we find the source of such mail ?
Sandeep spammers are getting cleverer day by day. In order to be safe, we need to stay one step ahead of them. So, when online, be cautious. Don’t take anything at its face value.
As for finding the source code of an e-mail, that is something that will require another article. I’ll definitely cover it sooner than later.
Comment…
Thanks for making people aware of such frauds.
I have received emails from Income Tax department regarding intimations for ITR-V submissions. The email clearly states the name as mentioned during the income tax filing and not just some “Dear Valued Taxpayer”. Also, these intimations are generally sent as pdf file attachment with a password protection.
-Ambar.
That is a very good point Ambar. If we take notice of these little things, we can avoid falling to such scams.
Hi Anshul,
Even i have recieved the same mail today.
It took me to my bank site , thats when i got susupicious and then started searching the net… Thanks for your post
good one
…
I received a similar email today. I was little suspicious, but I still clicked the link in the email. It took me to co.uk site. This is when I realised that it is a phishing site. Another thing to note here is if you click on any of the links, you will be taken to the actual gov.in site.
Hi,
I have received the same mail yesterday and submitted the form. The below is the url.
Action taken: To protect my account, I have changed all my passwords. Also notified this incident to bank by mail and also via phone call.
It might be warning for others. Please check the URL while entering such details.
Thank you.
<>
Also I have changed all my pin numbers. Asked the bank to send new atm card. Also asked to stop the transaction process until i get new card.
Thank you.
I am glad you took these preventive measures. And thanks for sharing it here, as it might be useful for people who fall prey to this scam.
Thanks for this information. Today I got similar mail regarding tax refund, but I was suspicious because the URL redirected me to
http //174.121.43.67/ ~rber5627/plugins/jixed_bar/themes/dev/ index.html ?id=refund
The information shared by you helped me to save my confidential details. Thanks again.
i also facing this type of fraud before 3 days he is stolen about 20000/- INR RS ON BILL DESK
PLEASE PROVIDE THE solution how it will revert back to my account
If you receive an e-mail or find a website you think is pretending to be of Income Tax Department, forward the e-mail or website URL to phishing@incometax.gov.in. A copy may also be forwarded to incident@cert-in.org.in . I have done my job to stop this type of mails.