How to protect yourself from E-filing Account Credential Harvesting Scam?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

E-filing Account Credential Harvesting Scam

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, WhatsApp, KYC

How E-filing Account Credential Harvesting Scam Works

Overview This scam targets Indian taxpayers by luring them into providing their income tax e-filing portal login details on fake websites. Criminals aim to harvest credentials for unauthorized access to taxpayer accounts, enabling large-scale identity theft and fraudulent refund claims. The scam poses a severe risk, as access to e-filing accounts reveals personal information, financial history, and other sensitive data. How It Works Scammers send victims emails or SMS texts that appear to be from the Income Tax Department, instructing them to update or verify their e-filing account details. The links in these messages redirect users to websites that closely resemble the official tax portal. Victims are prompted to enter their login credentials, PAN, and sometimes complete OTP or 2FA verification. Once harvested, these credentials are used by criminals to access accounts, alter data, or file fraudulent returns. India Angle The scam leverages high digital adoption of e-filing systems in India. It’s prevalent during the annual tax season and targets users from metropolitan and tier-2 cities. Popular communication channels are email, WhatsApp, and SMS, while fake websites use subtle domain name changes (like incometaxx.gov.in) to fool Indian users. Real Examples 'Your account access is restricted. Login now to verify PAN and bank details: https://incometax-india-login.com' 'Mandatory KYC update needed for e-filing: Click here to continue.' 'Namaste, we have detected suspicious login activity. Please confirm your identity to prevent account suspension.' Red Flags - Links or websites that look almost, but not exactly, like the official portal - Unsolicited prompts to update login or PAN details - Messages requesting OTPs for verification - Unexpected emails about account access or KYC Protective Measures - Only access the Income Tax portal via incometax.gov.in directly - Do not share your e-filing credentials or OTPs with anyone - Enable two-factor authentication on your e-filing account - Stay alert to domain lookalikes and browser warnings If Victimised - Immediately change your password on the official tax portal - Report the incident at cybercrime.gov.in and notify Income Tax authorities - Inform your bank and watch for suspicious transactions - Check your e-filing account for unauthorized returns or changes Related Scams - Bank account credential phishing - UPI login theft scams - Online investment portal impersonation fraud

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does E-filing Account Credential Harvesting Scam Target?

General public across India

Red Flags — How to Identify E-filing Account Credential Harvesting Scam

Websites closely resembling incometax.gov.in
Unrequested messages asking for KYC or login update
Demands for OTP verification
Suspicious domain names in communication
Unexpected account access alerts

What To Do If You Encounter E-filing Account Credential Harvesting Scam

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report E-filing Account Credential Harvesting Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is E-filing Account Credential Harvesting Scam?: Overview This scam targets Indian taxpayers by luring them into providing their income tax e-filing portal login details on fake websites. Criminals aim to harvest credentials for unauthorized access to taxpayer accounts, enabling large-scale identity theft and fraudulent refund claims. The scam poses a severe risk, as access to e-filing accounts reveals personal information, financial history, and other sensitive data. How It Works Scammers send victims emails or SMS texts that appear to be fr
How does E-filing Account Credential Harvesting Scam work?: Overview This scam targets Indian taxpayers by luring them into providing their income tax e-filing portal login details on fake websites. Criminals aim to harvest credentials for unauthorized access to taxpayer accounts, enabling large-scale identity theft and fraudulent refund claims. The scam poses a severe risk, as access to e-filing accounts reveals personal information, financial history, an
How to protect yourself from E-filing Account Credential Harvesting Scam?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report E-filing Account Credential Harvesting Scam in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.