? Cool Title, but what’s the news?
The country’s premier cyber security agency – CERT-In – has cautioned against a malicious ‘SMShing’ fraud where fake messages are being sent to people in the name of the Income Tax (I-T) department saying their refunds have been approved, with an aim to steal the recipient’s vital personal details and put them on the dark net “for sale”.
? Okay, but what does it mean?
The warning, that also acts as an advisory, comes at a time when the tax returns filing season is on and the Central Board of Direct Taxes (CBDT) has sometime back extended the deadline to do till August 31.
Recently, some people wrote on social media platforms that they had received such messages.
? Why should I care?
This is the modus operandi of the attack:
The message in the SMS tells the recipient that their income tax refund for a certain amount has been approved and will be credited shortly in his bank account. This is followed by an incorrect bank account number. Message reads to the recipient to verify the given bank account number and if found wrong, then visit the shortened bit.ly link given in the message to update his bank record.
Do not reply to the suspicious SMS and emails and such social engineering tactics can be identified as these SMS and emails have errors grammatical or spelling errors; even if the SMS or emails came from someone you know, be wary about opening the attachment or click on links as some malicious emails may be spoofing the sender