As tax season peaks in India, so does the activity of cybercriminals. In a new alert, the government has issued a public warning about a widespread phishing campaign targeting taxpayers with fraudulent emails posing as official income tax refund notifications. The emails promise refunds of up to ₹60,000, luring unsuspecting individuals into clicking malicious links or sharing sensitive personal details.
Rising Threat: Cybercriminals Exploit Tax Season Emotions
With the annual Income Tax Return (ITR) filing season underway, millions of taxpayers eagerly await their refund confirmations. Cyber fraudsters are now exploiting this anticipation by sending emails with subject lines like “Income Tax Refund for Assessment Year 2024-25” and quoting large refund amounts such as ₹60,000. The emails claim that refunds above ₹25,000 now require “manual verification” as per “RBI and PMLA norms”—a fabricated regulation designed to trick recipients into complying.
The embedded links or attachments in these emails often lead to fake income tax websites that appear legitimate. However, clicking them could infect the device with malware or redirect victims to phishing sites designed to steal their passwords, bank details, or Aadhaar information.
Government Clarification: It’s a Scam, Not a Refund
The Press Information Bureau (PIB) Fact Check unit was quick to flag the emails as fraudulent, stating unequivocally that the Income Tax Department does not send such messages requesting personal details, PINs, or passwords. The department has urged taxpayers not to reply, not to click links or attachments, and not to paste such links into their browsers.
Here’s what a typical fake email reads:
“Dear Taxpayer, this is an official notification regarding your Income Tax Refund for Assessment Year 2024-25. Amount eligible: ₹60,000. As per latest RBI & PMLA norms, refunds above ₹25,000 require recipient confirmation.”
Experts caution that such language is deliberately formal to appear convincing, but is entirely fabricated. These phishing scams are aimed at installing spyware or stealing banking credentials under the guise of refund verification.
What To Do If You Receive Such an Email
The Income Tax Department and cybersecurity officials have laid out steps for citizens to stay protected:
- Do not respond to any suspicious emails.
- Do not open any links or attachments.
- Keep antivirus and firewalls updated on your devices.
- Report phishing emails immediately.
If the fraudulent email claims to be from the Income Tax Department, forward it to:
webmanager@incometax.gov.in
If the email is a general cyber phishing attempt not linked to taxation, report it to:
incident@cert-in.org.in
Include the email header to help authorities trace the origin.
Phishing is among the most common cyber threats in the digital age, especially when tied to government services like tax refunds. While the Income Tax Department continues its efforts to raise awareness, it’s the vigilance of individuals that will offer the first line of defense against such cyber scams. A moment of caution can prevent a massive financial loss.