Income Tax Return Scam: Money and banking scams are very common these days, and during the ongoing Income Tax Return season scammers are taking advantage of the filing process to target account holders through tax-time smishing (SMS phishing) campaigns. They send text messages to bank account holders that appear to come from popular Indian banks, with the aim of tricking users into giving away their personal information.
According to a Sophos report cited by TOI, scammers are sending fake text messages claiming that the recipient’s bank account will be blocked and asking them to update the PAN and Aadhaar card information on their accounts. These text messages also include a link to download an Android Package (APK) file. Once installed, the app from the APK file looks similar to the real bank application, and users are tricked into entering their banking details in the fake app, which the scammers then use to steal money.
“This not only abuses recipients but the bank brands. The APK then tries to acquire the recipient’s login, password, debit card number, and ATM pin,” the report reveals.
What is an Income Tax Return scam?
In tax-time smishing scams, scammers target people during the income tax return filing period. They send text messages claiming to be from a particular bank and include a link to download a malicious Android Package (APK) file. If people install it, the APK opens fake bank login pages that look like the real ones. If the recipient enters any personal information on these pages, the data is sent to a remote server owned by the attackers instead of to the bank. The malicious APK can also read incoming SMS texts, possibly to extract OTP codes issued by the bank.
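The message traits described above (a link to an APK file, a threat that the account will be blocked, a request to update PAN or Aadhaar details) can be checked automatically. The following Python triage check is an added example, not code from the Sophos report or the original article; the sample messages, domains, verdict names and the extra keyword "suspend" are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the article's description of the campaign.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
# "blocked" is the article's wording; "suspend" is an assumed synonym.
THREAT_RE = re.compile(r"\b(?:block(?:ed|ing)?|suspend(?:ed)?)\b", re.IGNORECASE)
# Matches PAN and both spellings of Aadhaar/Aadhar.
ID_RE = re.compile(r"\b(?:pan|aadha{1,2}r)\b", re.IGNORECASE)


def apk_links(text):
    """Return URLs in the message whose path ends in .apk (query strings ignored)."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the link
        parsed = urlparse(url if "://" in url else "http://" + url)
        if parsed.path.lower().endswith(".apk"):
            hits.append(url)
    return hits


def triage(text):
    """Score one SMS body; the verdict names are hypothetical."""
    links = apk_links(text)
    findings = []
    if links:
        findings.append("apk_link")
    if THREAT_RE.search(text):
        findings.append("account_block_threat")
    if ID_RE.search(text):
        findings.append("pan_aadhaar_request")
    if links:
        verdict = "quarantine"  # article's advice: never install an app from a message
    elif len(findings) >= 2:
        verdict = "review"
    else:
        verdict = "allow"
    return {"verdict": verdict, "findings": findings, "links": links}


# Constructed sample messages (not real campaign text).
SAMPLES = [
    "Dear customer, your bank account will be blocked today. Update your PAN "
    "card now: http://kyc-update.example/NetBanking.APK?ref=sms",
    "Your account will be blocked. Update PAN and Aadhaar details at "
    "https://secure-login.example/update",
    "Your OTP is 123456 for a transaction of INR 500. Do not share it.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms)["verdict"], "-", sms[:45])
```

A check like this only reads the message text, so a shortened link that redirects to an APK would reach "review" at most, never "quarantine".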
Income Tax Return scam: How to be safe from a scam?
Recipients should be cautious of text messages claiming to be from banks.
Recipients should not download any app from links in messages.
If you receive an unexpected message “from your bank” or another service provider, reach out directly to the bank officials by phone, through the provider’s legitimate, secured website or apps, or by visiting the nearest branch.