As online services are becoming more efficient day by day, scammers have also found new ways to scam people. Scams happening in online banking are not new. Scammers loot people by sending them alert messages or texts about KYC, credit cards, or bank updates.
They target people who have ongoing issues or updates regarding their accounts. PAN Update is a great example here, and they are easy to scam. Just like PAN updates for online transactions, a new scam has come to light in recent times where scammers target people who are filing their income tax forms.
While going through the Income Tax Return completion process, Indian account holders fall prey to scammers’ tricks where they use tax-time smishing techniques to exploit them. They trick people into providing personal information by sending phoney SMS messages to bank account holders that pretend to be from reputable Indian banks.
According to a Sophos investigation, scammers are sending fraudulent text messages asking recipients to update their Permanent Account Number and AADHAR card information on their accounts and warning that their bank accounts may be blocked.
Additionally, a download link for an Android package (APK) file is included in these text messages. Users are tricked into inputting their banking information into the fake app to steal money when the program is coupled with an APK file that makes it resemble the actual bank application.
According to the research, this harms the reputations of the banks’ brands in addition to their account customers. The recipient’s login information, password, debit card information, and ATM pin are then requested by the APK.
Even while consumers may misinterpret bogus bank SMS scams for real ones this time when checking their account information via online banking or banking applications at the time when tax returns are being filed, despite the fact that they have previously occurred.
What Is a Tax-Timing Scam?
When consumers file their income tax returns, a scam occurs, and they become victims of tax-season smishing scams. Scammers send fake texts with links in the body that appear to be from the recipient’s bank and make that claim. The recipient of this link will be taken to a malicious Android package (APK) file.
Once the APK is installed, bogus bank login panels that look real are introduced. If the receiver provides any personal information on these pages, the information is sent to a remote server controlled by the attackers rather than the bank. The malicious APK can potentially retrieve OTP codes provided by the bank and read incoming SMS communications.
How to Protect Yourself from Tax Season Smear Campaigns?
Beware of messages that seek your personal information or the details of any financial account while purporting to be from your bank. To prevent you from responding to these phoney communications, banks frequently text you to warn you not to share information and to assure you that they will never get in touch with you via text message, messaging services, or social media.
Prior to accessing or downloading any files when getting such test messages or attachments, exercise caution and verify the sender’s authenticity.
If your bank or another service sends you an unexpected message, get in touch with them right away by phone, using the company’s legitimate, secure website or applications, or by going to the nearest branch.
If you believe you have received such an SMS, you can report the fraud by emailing firstname.lastname@example.org with the email or a copy of the text or SMS in question.