NEW DELHI: The Press Information Bureau’s Fact Check unit has issued a red alert over a surge in fraudulent emails that lure recipients into downloading counterfeit e‑PAN cards. These emails are not from the Income Tax Department and are engineered to extract bank, Aadhaar, and personal credentials via malicious links. Recipients are strongly urged to delete these messages and report them to the official authorities.
The phishing messages typically carry subject lines such as “Download e‑PAN Card Online: A step‑by‑step guide”, claiming the Income Tax Department sent them. In reality, they redirect users to spoofed websites controlled by cybercriminals. Clicking links or opening attachments risks exposure to malware or identity theft. The department emphatically advises: it never requests personal PINs, passwords, or OTPs via email.
How the Scam Works and What You Should Do
Cybersecurity experts explain that once victims engage with the fake emails, they’re prompted to enter sensitive data. This information enables the scammers to hijack bank and government accounts, then deploy malware remotely. Similar phishing efforts were previously flagged in late 2024, but have surged again amid renewed interest in the government’s PAN 2.0 initiative.
Victims are urged to:
-
Never click links in unsolicited e‑PAN emails.
-
Do not reply or open attachments.
-
Report suspicious emails to webmanager@incometax.gov.in and incident@cert-in.org.in, then permanently delete them.
-
Download e‑PAN only via the official Income Tax e‑filing portal, NSDL, or UTIITSL websites.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Broader Implications and Cybersecurity Response
A Persistent Threat Landscape
This scam underscores a larger fight against phishing and identity theft in India. Despite repeated warnings, the counterfeit e‑PAN tactic continues to ensnare the digitally unwary. The economic fallout of such frauds can range from small bank account loots to large-scale identity theft with long-term consequences.
Strengthening Defences
Agencies recommend:
-
Keeping antivirus and firewalls updated.
-
Using email filters to block spoofed government domains.
-
Raising public awareness, particularly targeting digitally vulnerable groups like senior citizens.
The Income Tax Department and CERT‑IN are actively collaborating with network providers and email services to trace, block, and prosecute perpetrators. Still, cyber experts caution that public vigilance remains the first line of defence.
About the Author – Sahhil Taware is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change.