The Rising Threat of Phishing During Tax Season
A recent Kaspersky report revealed that in 2024, businesses in India experienced over 2 lakh phishing attempts. In just the first half of the year, organizations faced 135,173 phishing attacks targeting financial sectors like e-commerce, banking, and payment systems—a 175% increase compared to the previous year. This spike is largely due to more people going digital, along with cybercriminals using AI and automation to create highly convincing scams.
In light of these threats, the Income Tax Department has warned taxpayers on its official social media channels to be extra cautious of any unexpected calls or messages that claim to be from them.
Kind Attention Taxpayers!
— Income Tax India (@IncomeTaxIndia) March 10, 2025
Beware of phishing scams! The Income Tax Department never asks for confidential information like passwords, OTPs, or bank details over phone, email, or SMS.
✅Do not click on suspicious links.
✅ Verify emails only from official domains… pic.twitter.com/dRE1UWC8F7
The Rising Threat of Phishing During Tax Season
Phishing scams during tax season in India take many forms. Here are some of the most prevalent schemes you should be aware of:
Phishing Emails Impersonating the IT Department
Scammers send emails that look nearly identical to official Income Tax Department communications. These emails typically create a sense of urgency by claiming that your tax return needs verification or that you are eligible for an unexpected refund. The email may include a fake logo, urgent language, and a link to a clone of the official income tax portal. Your sensitive financial information may be compromised once you click the link and enter your details. Samples of phishing emails are available on the Income Tax Department website.
Fake Calls and SMS Messages
With advancements in voice spoofing and messaging technologies, fraudsters are now making phone calls and sending text messages posing as tax officials. They claim that you have an outstanding tax balance or that your refund is pending, and then urge you to share your bank details or verify your personal information through a link. Remember: the Income Tax Department never initiates contact via phone or SMS.
“You have been approved an Income Tax Refund of ₹15,000/-, the amount will be credited to your account shortly. Please verify your account number 5XXXXX6777. If this is not correct, please update your bank account information by visiting the link below: https://bit.ly/20wpUUX”
Ghost Tax Preparation Scams
In this scam, unethical tax preparers offer to complete your tax return for a fee but then vanish after taking your money. These fraudsters might promise large refunds and use fabricated receipts. When the fraudulent return is submitted, you not only lose your money but also face complications with the Income Tax Department, as your legitimate return may be flagged or rejected.
Tax Identity Theft
Criminals can also use your publicly available information—often harvested from social media—to file tax returns in your name. By altering bank account details, they claim refunds that are deposited into their accounts. Later, when you try to file your genuine return, you receive notifications that a return has already been filed under your PAN, leading to prolonged hassles in reclaiming your refund.
How to Protect Yourself from Phishing Scams
Falling prey to these scams can lead to severe financial losses and legal complications. Here are some practical steps to keep your sensitive data safe:
Verify Communications
Always scrutinize emails and messages that claim to be from the Income Tax Department. Check the sender’s email address and never click on links unless you are certain of their authenticity. If you’re unsure, open a new browser window and manually type the official website URL (e.g., www.incometax.gov.in).
Be Wary of Urgency
Scammers often use urgent language to push you into making quick decisions. Take a moment to think before you respond. Genuine tax authorities will never pressure you into immediate action or demand payments via gift cards or unconventional methods.
Use Secure Payment Methods
When making online tax payments, stick to trusted payment methods like credit or debit cards, which often come with additional layers of security such as tokenisation. Never share your card details or PINs over the phone or through unverified links.
Keep Personal Information Private
Avoid sharing sensitive information like your bank details or PAN over email or text messages. Utilize secure portals and encrypted services whenever you need to transmit confidential data.
Enable Multifactor Authentication (MFA)
One of the most effective ways to safeguard your accounts is by using MFA. This adds an extra verification step, making it significantly harder for hackers to gain access—even if they somehow obtain your password. MFA can be implemented through SMS codes, authenticator apps, or hardware-based solutions.
How Yubikey Strengthens Your Cybersecurity
Unlike traditional MFA methods that may still be vulnerable to interception, Yubikey uses cryptographic protocols (such as FIDO2 and Universal 2nd Factor [U2F]) to securely verify your identity without transmitting sensitive data over the internet.
Key Benefits of Yubikey
Phishing Resistance: Yubikey’s hardware-based encryption ensures that even if you accidentally reveal your password, an attacker cannot access your accounts without the physical key.
Ease of Use: Its compact, portable design makes it simple to use—just plug it into your USB port or tap it on your NFC-enabled smartphone. This simplicity encourages adoption among employees, reducing the friction often associated with digital security measures.
Wide Compatibility: Yubikey is compatible with a range of devices and operating systems, making it an ideal solution for diverse work environments, whether you’re in IT, banking, manufacturing, or healthcare.
Where to Buy Yubikey in India
In India, you can purchase genuine Yubikeys from iValue Group, the country’s only official distributor of Yubikeys. Buying from iValue guarantees authenticity, full technical support, and warranty coverage, ensuring your cybersecurity investment is protected.
Tax season is inherently stressful, but it shouldn’t be stressful because of cyber threats. By staying informed about the latest phishing scams and implementing strong security measures such as MFA with Yubikey, you can significantly reduce your risk of falling victim to fraud. Verify every communication, use secure channels for your transactions, and make hardware-backed security a cornerstone of your cybersecurity strategy.
