Kerala chitty firms have been warned about fake Income Tax emails demanding confidential financial records within three days. The phishing campaign threatens legal action and penalties, prompting calls for police intervention and stronger verification of official communications.

Fake Income Tax Emails Target Kerala Chitty Firms in Phishing Campaign

The420 Correspondent
4 Min Read

Thrissur: Chitty (chit fund) companies across Kerala have come under a phishing attack in which cybercriminals are sending fake emails impersonating officials of the Income Tax Department. The emails instruct institutions to submit financial records, tax-related documents, and other confidential information within three days, warning that failure to comply would result in legal action and financial penalties. An initial verification has confirmed that the emails are fraudulent and part of a phishing campaign designed to steal sensitive financial information.

The All Kerala Chitty Foremen’s Association has alerted chitty firms and other financial institutions to the ongoing cyber fraud. According to the association, several organisations have recently received nearly identical emails that closely resemble official government notices. The messages use intimidating language and the threat of enforcement action to pressure recipients into immediately sharing confidential records.

Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference

The fraud came to light after some chitty firms contacted the Income Tax Department to verify the authenticity of the emails. The department confirmed that it had not issued any such communications, making it clear that the messages were fake. The incident indicates that cybercriminals are misusing the identity of a government department to obtain confidential financial information from targeted institutions.

The association warned that organisations responding to such emails could expose sensitive financial records, customer information, and other critical business data to cybercriminals. Such disclosures could lead to financial losses, data theft, identity fraud, and further cyber-enabled financial crimes.

During its State executive committee meeting in Thrissur, the association described the phishing campaign as a serious cybersecurity threat and urged the Kerala Police to launch an immediate crackdown on the network responsible for the fraud. It also decided to submit a memorandum to the State government seeking stronger measures to prevent similar cyber offences and enhance the protection of financial institutions.

Cybersecurity experts noted that phishing campaigns frequently exploit the names of government agencies, banks, tax authorities, and law enforcement bodies to create a sense of urgency and fear. Fraudsters often replicate official logos, formatting, and legal language to make fake emails appear genuine and persuade recipients to disclose confidential information without verification.

A Researcher at Algoritha Security advised organisations never to share financial records, login credentials, digital signatures, passwords, or any sensitive documents solely on the basis of an email request. Institutions should carefully verify the sender’s email domain, digital signature, and the authenticity of the communication through official channels before responding. They should also avoid opening suspicious links or attachments and immediately report such emails to their cybersecurity teams.

Experts further recommended that organisations conduct regular phishing awareness training for employees, implement multi-factor authentication, and ensure that sensitive documents are shared only through verified government portals or officially authorised communication channels. Prompt reporting of suspicious emails to the concerned authorities and cyber police can help investigators identify and dismantle organised cyber fraud networks before they cause significant financial and operational damage.

About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.

Stay Connected