A new type of scam is afflicting people in India. This time, scammers are targeting people who are in the process of filing their income tax returns. Known as a tax-time smishing scam, it takes place during the period when the window for filing income tax returns is open.
Tax-smishing scam
Scammers are sending fraudulent text messages to people while posing as their bank. The messages either ask for personal, sensitive, and confidential information or ask the recipient to click on a link to download a malicious APK.
The fake messages claim that the recipient's bank account will be blocked unless they update their Aadhaar and PAN card information. The message also includes a link.
If somebody installs the app from the APK, the resulting app looks similar to the user's bank app. It opens fake login pages, and this is how users are tricked into entering their bank details into the fake app. The data is sent to a remote server owned by the scammers. The malicious Android package can also read incoming messages, so the scammers can extract OTPs that the bank sends upon request. Ultimately, the app succeeds in stealing money from the account.
Sophos said in its report, “This not only abuses recipients but the bank brands. The APK then tries to acquire the recipient’s login, password, debit card number, and ATM pin.”
How to safeguard yourself from getting scammed?
SMS scams are nothing new. However, people should be extra careful at this time. Because they are busy filing income tax returns, they may mistake the fraudulent messages for real ones while checking their bank details through banking apps or online banking.
Banks never ask for any financial or personal information through SMS, social media, or messaging apps. Always remain cautious of such messages and never reply, download anything, or give any details. Check the identity of the sender every time.
If you are unsure about the authenticity of any such message, contact your bank directly using official channels and verify the status. To report any such activity, send an email to phishing@irs.gov with the SMS screenshot attached.