Income Tax Refund Scam

A few days back I received an e-mail from the Income Tax department (that is what the mail said) informing me that I had obtained a refund and asking me for my bank details so as to transfer it to my account. I immediately got suspicious, because the refund amount stated in the mail was much more than my Income Tax deduction. After all, the IT department can’t refund me more than what I paid them, right? This obviously was a phishing mail, but done so creatively and timed so well (this is that time of the year when the IT department generally sends refunds) that anyone can easily fall prey to it.

So how does one identify if a mail is legitimate or not? To understand that let’s take a look at the mail I received and dissect it step by step. But before that, let’s understand what phishing is.

What is phishing?

Phishing is an e-mail fraud designed to steal your web identity and capture your personal data like Credit/Debit Card numbers, bank account information, or other sensitive financial information.
Now let’s see how to identify a phishing mail. I’ll take the example of this particular mail that I received, but these red flags apply to other phishing mails too.

Red Flags

  1. Take a look at the screenshot of the mail below. It looks authentic, doesn’t it?
    [Screenshot: e-mail from IT department]
    But think about it for a second. While filing your IT return you were asked for your account number, and it was mentioned there that a refund will either be credited directly to your account or sent through a check. Then why are you being asked for that information again?
  2. If the above argument looks weak, go ahead and click on the link present in the mail. This is the page that will open:
    [Screenshot: fake Income Tax Department website]
    Take a look at the URL (http://beauxartsschool.com/webalizer/web/1/refunds/index.html?id=refund). All government websites have URLs ending in .gov or .gov.in. But not this one. Also, the URL looks nowhere related to the IT department (the actual URL is https://incometaxindiaefiling.gov.in/).
  3. Now let’s select a bank from the list. After selecting a bank you’ll be taken to a page that looks like this:
    [Screenshot: fake bank website]
    As you can see, the URL has still not changed! Which means this is not a legitimate site and you should not proceed any further.
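
The URL checks from red flags 2 and 3 can be automated. The following is an added example, not part of the original post: it compares the host a link really points to against the government suffixes and the genuine address quoted above, and goes slightly beyond the post by also catching lookalike links that merely contain "gov.in" somewhere else in the URL. The function names and the `example.com` links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Suffixes the post names for government sites, and the genuine host it cites.
GOV_SUFFIXES = ("gov", "gov.in")
EXPECTED_HOST = "incometaxindiaefiling.gov.in"


def under_suffix(host, suffix):
    """True only if host is the suffix itself or a subdomain of it."""
    return host == suffix or host.endswith("." + suffix)


def check_link(url, expected_host=EXPECTED_HOST):
    """Return the red flags for a link that claims to lead to expected_host."""
    parts = urlsplit(url.strip())
    # .hostname is the host the browser contacts: lowercased, without any
    # "user@" prefix or port. The path and query never count.
    host = (parts.hostname or "").rstrip(".")
    flags = []
    if not any(under_suffix(host, s) for s in GOV_SUFFIXES):
        flags.append("not-government-domain")
    if host != expected_host:
        flags.append("host-mismatch")
    if "@" in parts.netloc:
        flags.append("userinfo-in-url")
    return flags


# Constructed sample links, except the first two, which are quoted in the post.
SAMPLES = [
    "https://incometaxindiaefiling.gov.in/",
    "http://beauxartsschool.com/webalizer/web/1/refunds/index.html?id=refund",
    "https://incometaxindiaefiling.gov.in.example.com/refunds",
    "https://incometaxindiaefiling.gov.in@example.com/refunds",
    "https://example.com/incometaxindiaefiling.gov.in/refunds",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no red flags")
```

For the bank page in red flag 3, pass the bank's own address as `expected_host`: a page that still sits on the refund site's host is reported as a mismatch.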

So you see, if you are alert it is very easy to identify such phishing mails. The above-mentioned phishing website has already been suspended, but the internet is full of such scams and false information, so never let your guard down.

In the next post we’ll see how to check if a website is authentic while making an online payment or entering your sensitive information on a webpage. We’ll also take a look at some other methods of keeping your bank information safe. So subscribe now to our newsletter (don’t worry, we hate spam as much as you do!) so as not to miss that article. You can also connect with us on Facebook and follow us on Twitter.

Over To You

Have you received phishing mails? Were you able to identify it? What steps do you take to safeguard yourself from such attacks? Share your thoughts on this through the comment form below.
