Anika Gupta (name changed) filed her Income Tax Return (ITR) for the Assessment Year (AY) 2019-20 on August 30, 2019 and promptly e-verified her ITR through Aadhaar OTP. On September 6, 2019 she got a mail from a suspicious email ID, asking her to e-verify her return.
Claiming to be from Income Tax (I-T) Department, the mail said, “Hello email@example.com, Income Tax Return for the Assessment Year 2019-2020 has been successfully filed. After Submission, It is mandatory for Tax Payers to e-Verify the Income Tax Return using various verification methods. For your Income Tax Return, e-verification is not d………..read more”
The mail also contained the following three lines, with the texts ‘read more’ (above), ‘see here’, ‘pending’ and ‘click here’ containing malicious links.
Methods of e-Verification – see here
Status for firstname.lastname@example.org: pending
To e-Verify using Aadhaar – click here
Not only, Anika Gupta, but on September 3, 2019, Rajat Deora (name changed) got an SMS, claimed to be from the I-T Department, saying, “Important Alert! Dear Raxxx Xxxra, the Incometax_Department requires you to click the link below to submit a formal request for the payment of your unclaimed and overdue tax-refund of xxxx INR.” The message was followed by a dubious link.
Soon after receiving the mail, Anika Gupta promptly reported the matter to the grievance section of the I-T Department, leading to put up of an alert pop up by the Department on very next day.
The I-T Department alerted the taxpayers by saying, “Income Tax Department neve asks PIN, OTP, Password or similar access information for credit/debit cards, banks or other financial account related information through e-mail, SMS or phone calls. Taxpayers are cautioned not to respond to such e-mails, SMS or phone calls and not to share personal or financial information.”
Further educating the taxpayers on how to identify phishing emails, the I-T Department said, “Check the domain name carefully. Fake emails will have misspelled or incorrect sounding variants of Income Tax Department web sites and will have incorrect email header.”
Further cautioning the taxpayers, the Department further said, “In case if you have received such phishing / suspicious mail-do not open any attachments as it may contain malicious code. Do not click any links. Even if you have clicked on links inadvertently, then do not enter personal or financial information such as bank account, credit/debit/ATM card, income tax details, etc.”
The I-T Department also provided a link containing list of official e-mail and SMS campaigns sent by its e-filing unit.