IT REFUND SCAM Compiled by Fine AdviceWe continue with our series Scam Alert……Internet scams have become very common these days. We often receivemails from someone wanting to transfer money from Eastern Europe orsome widow of a war lord in Africa asking for our help in return for afortune.Well this is the season of Income Tax refunds……..The latest internet scam targeting Indians specifically is in the form of anemail that tells you about income tax refund, but is actually trying to getyour online banking log-in ID and password so that your account can beemptied!This is phishing!Phishing is an e-mail fraud designed to steal your web identity and captureyour personal data like Credit/Debit Card numbers, bank accountinformation, or other sensitive financial information.The scam starts with an email. In your inbox, it looks like this:The sender of the email is “Income Tax Department”, and the subject is“Tax-Refund Notification...”On opening the email, you would see this:
It looks quite legitimate and even has the logo of the Income TaxDepartment! It tells you that you have some income tax refund, and youneed to click a link and submit a “tax refund request”.If you see carefully, you would see that the sender of the email is:firstname.lastname@example.orgDepending on the email provider you use, you would also be able to see thatthe message has been sent via (see the red box in the image above):eigbox.netIt means that it has not been sent directly from the websiteincometaxindia.gov.in! This is the first red flag for the fraud.Also, the email is addressed to “Valued Taxpayer”. If it a genuine email witha refund amount that is unique to you it would have been directly addressedto you.This is the second thing that doesn’t seem right on this page.
When you click on the link on the email, you are taken to the website of theIncome Tax Department of India, which looks like this:This website too looks quite legitimate! After all, it has the right logo and allthe menus!But when you see the address bar of your browser, you would see thatinstead of having the address of the website, it has numbers followed byletters. (See the red box in the above image). This is the IP address of thecomputer on which this scam website is hosted.Also, if you move your mouse on any of the menu items in the left menu,you would again see that the links point to the same “number”, and not tothe income tax department website.
The page then asks you to select your bank and click on “go”. This is whatyou see when you select the bank and click on the “go” button:This page looks like the login page of your bank’s internet banking facility.In fact, it looks quite genuine as well.But there are a few red flags here as well.First, why should you need to log into your bank’s online banking to claimincome tax refund?And second, the address bar of your browser for even this page hasnumbers followed by letters instead of having the address of the website (Seethe red box in the above image).So this is definitely a fraudulent website. But what happens if you end upentering the log in / password here?For one, the scamsters now know the log in details for the internet bankingfacility for your bank account. But it doesn’t stop there. Here’s the nextpage:
This page asks for your debit card / ATM card number, and many otherrelevant details of your bank account.As you would see, the address bar of your browser for even this page hasnumbers followed by letters instead of having the address of the website (Seethe red box in the above image).Once you enter the details here, this is what you see:
It is a confirmation that your “Tax refund request has been submittedsuccessfully!”As we saw above, there are many red flags that identify this whole thing as ascam. But what if you are not alert and fall for it?You can be lured by the “income tax refund” money, and would end upgiving the scamster your internet banking log in details. Not just that, youwould also give him your debit / ATM card number and all other relevantdetails of your bank account.Internet banking gives us a lot of convenience. But at the same time, wehave to be on the lookout for things that are suspicious and don’t look right.