Fake Income Tax email alert! ‘SilverFox’ hackers target Indians with dangerous malware — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: CRITICAL
Beware in 2026: Fake Income Tax Email Alert Scam by ‘SilverFox’ Hackers Targeting Indians with Dangerous Malware
A new phishing scam in India uses fake income tax email alerts to trick unsuspecting taxpayers into downloading malware that can steal money and personal data.
What Is the ‘SilverFox’ Fake Income Tax Email Alert Scam?
This scam is a sophisticated phishing campaign run by hackers operating under the alias ‘SilverFox’. It targets Indian taxpayers with fraudulent emails that appear to be official income tax alerts. These emails are designed to create panic by falsely claiming that the recipient has pending tax dues or suspicious account activity. The message urges immediate action by clicking on a link or downloading an attachment, which actually infects the victim’s device with malware known as “FireCrawl.”
Once infected, FireCrawl malware can capture sensitive information such as bank login credentials, UPI PINs, Aadhaar-linked data, and even allow remote access to the victim’s device. The malware is particularly dangerous because it can evade detection and spread to contacts on WhatsApp and email, making the scam widespread across multiple Indian states.
CERT-In (Indian Computer Emergency Response Team) and the Indian Cyber Crime Coordination Centre (I4C) have issued warnings about the rise in phishing attacks mimicking financial institutions and government tax alerts. RBI has also reminded users to be cautious about emails claiming to be from the Income Tax Department, as official communications rarely come via email without prior intimation on the Income Tax e-filing portal.
How This Scam Works — Step by Step
1. Phishing Email Received: The victim receives a convincing-looking email claiming to be from the Income Tax Department. The email warns of overdue tax payments or illegal transactions flagged against their PAN.
2. Urgent Call to Action: The email urges immediate action by clicking an embedded link or downloading an attached PDF or ZIP file that supposedly contains payment details or dispute forms.
3. Malware Installation: Once the link is clicked or attachment opened, FireCrawl malware installs silently on the victim’s device—often disguised as a document reader or tax form software.
4. Data Harvesting: The malware starts capturing sensitive information, including bank UPI credentials, Aadhaar OTPs, and passwords saved in browsers.
5. Unauthorized Transactions: Using stolen credentials, hackers initiate UPI transaction frauds or SIM swaps to intercept OTPs, emptying bank accounts or siphoning money via mobile wallets.
6. Spread Through Contacts: The malware sends fake income tax alert messages via WhatsApp or email to the victim’s contacts, increasing the scam’s reach.
Real Warning Signs to Watch For
- Email sender address doesn’t end with official government domains like ‘@incometax.gov.in’ or ‘@gov.in’.
- Links in email don't lead to the income tax e-filing portal but to unrelated or suspicious websites.
- Unexpected attachments in emails, especially ZIP or EXE files, claiming to contain tax notices.
- Poor grammar, spelling mistakes, or formatting inconsistencies in email content.
- Urging immediate payment or threatening penalties without prior official communication on the income tax portal.
- Requests for sensitive personal details, OTPs, or bank credentials via email or phone.
- Emails that appear urgent but come unsolicited, especially if the individual has no pending taxes.
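The first three warning signs above (sender domain, link destination, risky attachment) can be checked mechanically. The Python sketch below is an added example, not part of the original article or of any BharatSecure tool; the sample message, the `triage` and `is_official` names, and the choice to apply the `gov.in` suffix to link hosts as well as sender addresses are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL_SUFFIX = "gov.in"      # from the article: @incometax.gov.in, @gov.in
RISKY_EXT = (".zip", ".exe")    # attachment types the article calls out
# Constructed sample message (not a real captured email).
SAMPLE = """\
From: "Income Tax Department" <notice@incometax.gov.in.mail.example>
Subject: Pending tax dues against your PAN
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Pay within 24 hours: https://incometax-gov.in.example/pay
Portal: https://incometax.gov.in/
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Tax_Notice.zip"

placeholder bytes, not a real archive
--b1--
"""

def is_official(host):
    """True only for gov.in itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)

def triage(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    findings = []
    # Judge the address itself, never the display name, which is free text.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_official(sender_host):
        findings.append("sender:" + sender_host)
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append("attachment:" + name)
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]
            findings += ["link:" + str(h) for h in hosts if not is_official(h)]
    return findings
```

Matching on a dot boundary is what rejects look-alike hosts such as `incometax.gov.in.mail.example`, which contain the official string but are not under `gov.in`. An empty result covers only these three signs and does not show that a message is genuine.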
What Happens to Victims
Victims of the SilverFox phishing scam often face severe financial loss. The malware-assisted theft of UPI PINs and mobile SIM swaps mean funds can be drained quickly from bank accounts and mobile wallets without easy recourse. Since many Indian users link Aadhaar to multiple financial services, the malware’s access can lead to further identity misuse, such as opening fraudulent bank accounts or accessing subsidy schemes.
Emotionally, victims experience distress and helplessness, especially as traditional banking dispute resolutions take time. Many face challenges recovering lost money through UPI reversals because these transactions happen rapidly and with OTPs intercepted through SIM swaps. The breach of personal data also raises long-term risks of being targeted by future scams.
What RBI and CERT-In Say
The Reserve Bank of India has emphasized vigilance against phishing and malware attacks exploiting UPI and banking credentials. RBI’s helpline advises never sharing OTPs or login passwords with anyone, even if they claim to be government officials.
CERT-In has issued advisories urging Indians to verify the authenticity of emails purportedly from government departments and to avoid clicking on unknown links. It recommends keeping systems and antivirus software updated to detect threats like FireCrawl malware.
The National Cyber Crime Helpline 1930 serves as a direct contact point for citizens to report cyber frauds, and filing complaints via cybercrime.gov.in helps authorities in tracking and curbing such scams.
How to Protect Yourself
- Always verify income tax communications by logging in to the official income tax e-filing portal instead of clicking email links.
- Avoid opening attachments or links in unsolicited emails or WhatsApp messages about tax dues.
- Check the sender’s email domain carefully; official emails come only from government domains like @incometax.gov.in.
- Never share OTPs, passwords, or Aadhaar details with anyone over email, phone, or WhatsApp—even if they claim to be officials.
- Keep your device’s operating system and antivirus software updated to detect malware like FireCrawl.
- Use multi-factor authentication (MFA) for bank and UPI apps to add an extra layer of security.
- Regularly review bank and UPI transaction statements for any unauthorized activity and report immediately.
What to Do If You've Been Targeted
If you suspect you have fallen for this scam:
- Immediately change your bank and UPI app passwords.
- Contact your bank’s customer care and inform them about the fraudulent transactions to potentially block or freeze accounts.
- Lodge a complaint with the National Cyber Crime Helpline at 1930.
- Report the incident on cybercrime.gov.in to alert CERT-In and I4C authorities.
- Inform your mobile service provider to check for SIM swap frauds and secure your number.
- Monitor Aadhaar-linked services and consider placing a lock on your Aadhaar for additional protection.
- Avoid further clicking on suspicious links and disconnect the infected device from the internet until cleaned.
Frequently Asked Questions
Q1: Can the Income Tax Department send alerts via email?
Officially, the Income Tax Department primarily communicates through the e-filing portal and registered SMS; emails are rare and never ask for personal information or payment via links. Always verify suspicious emails by logging into the official portal directly.
Q2: What should I do if I clicked a suspicious link from such an email?
Disconnect your device from the internet immediately, run a full antivirus scan, change your banking passwords, and report the incident to your bank and cybercrime authorities at 1930.
Q3: Is there any way to recover money lost through UPI fraud in this scam?
While RBI guidelines support reversal of unauthorized UPI transactions in many cases, swift reporting is critical. Contact your bank immediately and file a police complaint; delayed reporting reduces chances of refund.
Scams like the Fake Income Tax Email Alert from SilverFox hackers are becoming increasingly dangerous in India. Always double-check suspicious tax-related messages before clicking any links or downloading attachments. When in doubt, visit BharatSecure.app to verify if a message is genuine or a dangerous scam designed to steal your money and personal data. Stay alert, stay safe!