Cybercriminals are using new ways to trick users into losing money. The latest is an SMS scam, where cyber criminals pretend to be from the Income Tax Department. They then trick people into sharing their bank details. Pune-based Quick Heal Technologies has issued an alert asking users to not get tricked with fake I-T refund messages. Also Read - Beware! This Apple iPhone charging cable can actually hack your computer
How cybercriminals are tricking users
These scam messages open on a positive note to attract the recipient’s attention. It says he/she has been approved an income-tax refund of a certain amount. The message is then followed by a wrong bank account number. It asks the recipient to click a link if the account number is not correct, thereby making him/her a naive victim. Also Read - Microsoft issues security alert over cyber attack: Reports
The fraudulent link opens up a website similar to the I-T Department site. The victim is asked to enter their login details created on the I-T Department website, says Quick Heal. Without wasting any time, the victim is asked to enter the correct bank account details. Also Read - 50 million cyber threats detected in H2 2018: Seqrite
Once the fraudster has the correct bank details, they call the victim posing as I-T officials. They are convinced that they have been irregular with their IT returns and thus are required to pay the requested fine. Unfortunately, the scam does not stop at that.
With access to the correct login details on I-T department website, the fraudster transfers funds from victim’s account to their own account. At times, the fraudster also modifies details, such as phone number and email ID, which are often used for validation purpose, says Quick Heal.
How to stay safe from I-T refund messages fraud
While people cannot completely stop such messages from landing into their inbox, they can sure take some precautionary measures. Users should not share financial details, like bank account number, pin and OTP, by responding to messages, emails or phone calls. One should not click on links or attachments received through SMS or emails unless absolutely sure, as these may be malicious, says Quick Heal.
With inputs from IANS.