Scammers are literally on their toes all year round, but for all the wrong reasons, devising ways and means to trick innocent people. In their latest attempt at fraud, cyber criminals are using fake SMS pretending to be from Income Tax Department to trick innocent victims into sharing bank account details.
At a time when people across the country are getting ready to file their I-T returns, an SMS like below, confirming a refund and asking you to verify your bank details can seem quite genuine.
Note that the message opens on a good note to instantly attract your attention, immediately followed by a wrong bank account number. The message continues to smoothly trick you into verifying your account number if wrong, simply by clicking the link, ultimately making you an unsuspicious victim of the fraud.
The whole purpose of the message is to hook and dupe tax payers with the wrong bank account number (purposefully so) and force them to click the website link, in an attempt to rectify the error. The fraudulent link opens up to a website similar to the genuine I-T department website and the victim is asked to enter their login details created on the actual I-T department website.
Without wasting any more steps, the victim is asked to enter the correct bank account details, which in turn can easily be accessed and abused by cyber criminals.
Once fraudsters have the correct bank details, they call unsuspicious victims posing as I-T department officials and cheat them out of money, by convincing that they have been irregular with their I-T returns and thus, require to pay the requested fine, which the victim usually does.
Unfortunately, the scam doesn’t stop at that but rather is just the beginning. With access to the correct login details on IT department website, fraudsters can now easily transfer I-T funds from victim’s account to their own account or may simply modify their details like phone number, email ID, etc. which are often used for validation purpose.
While you cannot completely stop such messages from landing into your inbox, as a precautionary measure, here are few things you can surely do: