
The alley for Indian Chartered Accountants

Scammers targeting users while they file income tax return, beware of new tax SMS scam

New Delhi, April 17, 2023 

Received an SMS requesting you to share your PAN, Aadhaar, or other documents to reactivate your bank account? Beware! Do not click on the link or you may fall victim to the online scam and lose money.

In Short

  1. Scammers are targeting bank customers who are filing income tax returns.
  2. They are sending fraudulent SMSs pretending to be from the recipient's bank.
  3. The fraudulent SMS also includes an APK file, which installs a malicious app that looks similar to genuine bank apps.

Online bank scams are not new and have been reported over the past few years. Scammers trick people through fake messages related to KYC, credit card or bank updates. They especially target people who are dealing with urgent matters such as PAN updates. Similar to the fake PAN update scam, a new scam is going viral in which scammers target people who are busy completing their income tax returns.

Scammers are taking advantage of the ongoing income tax return completion process and are targeting Indian account holders through tax-time smishing campaigns. They are sending fraudulent text messages to bank account holders that appear to be from popular Indian banks, with the aim of tricking users into giving away their personal information.

According to a Sophos report cited by TOI, scammers are sending fake text messages claiming that the recipient's bank account will be blocked and asking them to update the PAN and Aadhaar card information on their accounts. These text messages also include a link to download an Android Package (APK) file. Once installed, the app from the APK file looks similar to the real bank application, and users are tricked into entering their banking details in the fake app, which the scammers then use to steal money.

"This not only abuses recipients but the bank brands. The APK then tries to acquire the recipient's login, password, debit card number, and ATM pin," the report reveals.

While fake bank SMS scams have happened before, it is important to be cautious this time as people may mistake them for real SMS while checking their account details through online banking or banking apps during the income tax return filing period.

What is a tax-time smishing scam
In tax-time smishing scams, scammers target people during the income tax return filing period. They send fake text messages claiming to be from the recipient's bank and include a link to download a malicious Android Package (APK) file. Once installed, the APK opens fake bank login pages that look like real ones. If the recipient enters any personal information on these pages, the data is sent to a remote server owned by the attackers instead of the bank. The malicious APK also has the ability to read incoming SMS texts, possibly to extract OTP codes issued by the bank.
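
A minimal triage heuristic for the lure described above, as an added example that is not part of the original article: it flags SMS text that links to an APK download or combines an account-block threat with a PAN/Aadhaar/KYC request. The indicator weights, the threshold, and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Indicators follow the article's description of the lure. The weights and
# threshold are assumptions for illustration, not a vetted detection model.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)
ID_DOC_RE = re.compile(r"\b(pan|aadhaar|aadhar|kyc)\b", re.I)
THREAT_RE = re.compile(r"\b(block(ed)?|suspend(ed)?|deactivat(e|ed)|reactivate)\b", re.I)
ACCOUNT_RE = re.compile(r"\b(bank\s+)?(account|a/c)\b", re.I)
SUSPICIOUS_AT = 3  # assumed threshold

def extract_urls(text):
    """Return URLs found in the message, with trailing punctuation trimmed."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]

def links_to_apk(url):
    """True when the URL path ends in .apk, ignoring query string and case."""
    if not re.match(r"https?://", url, re.I):
        url = "http://" + url  # bare www. links need a scheme to parse
    return urlparse(url).path.lower().endswith(".apk")

def triage_sms(text):
    """Return (score, reasons) for one SMS body."""
    reasons = []
    urls = extract_urls(text)
    if urls:
        reasons.append(("contains-link", 1))
    if any(links_to_apk(u) for u in urls):
        reasons.append(("link-downloads-apk", 3))
    if ID_DOC_RE.search(text):
        reasons.append(("asks-for-pan-aadhaar-kyc", 1))
    if THREAT_RE.search(text) and ACCOUNT_RE.search(text):
        reasons.append(("account-block-threat", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]

# Constructed sample messages (not real campaign data; example.* domains).
SAMPLES = [
    "Dear customer, your bank account will be blocked today. Update your PAN "
    "card now: http://bank-update.example.net/app/NetBanking.apk?ref=sms.",
    "Your a/c is suspended. Complete KYC at www.example.org/kyc to reactivate.",
    "Rs 2,500 debited from a/c XX1234 on 17-Apr. Avl bal Rs 10,200.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        score, reasons = triage_sms(msg)
        verdict = "SUSPICIOUS" if score >= SUSPICIOUS_AT else "ok"
        print(f"{verdict:10} score={score} {reasons}")
```

A message that scores below the threshold is not thereby confirmed as genuine; the heuristic only ranks messages for closer review.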

So how to prevent falling for these fake SMSs?

How to be safe from tax-time smishing scam

-- Be cautious of text messages claiming to be from your bank and asking for personal or financial information. Banks will never contact you through text messages, messaging apps, or social media asking you to share details.

-- Be vigilant when receiving unsolicited text messages or attachments and verify the sender's identity before opening or downloading any files.

-- If you receive an unexpected message "from your bank" or another service provider, reach out directly to bank officials by phone, through the provider's legitimate, secured website or apps, or by visiting the nearest branch.

-- If you have received such an SMS, you can report the scam by sending the email, or a copy of the text/SMS as an attachment, to [email address not shown].

[India Today]
