Income Tax Portal Account Takeover Scam

How Income Tax Portal Account Takeover Scam Works

Overview: In this dangerous scam, fraudsters compromise taxpayers’ e-filing portal accounts by tricking them into revealing login credentials. Once inside, the scammers modify personal details, file false returns, or reroute refund amounts to their own accounts. This not only leads to financial loss but can also drag innocent people into tax-related legal trouble. How It Works: 1. Victim receives a phishing email, SMS, or social media message requesting urgent login verification or refund processing. 2. Tricked by a lookalike portal, the victim enters their e-filing user ID, password, OTP, or secret code. 3. Scammers immediately use these details to access the official portal. 4. They change the registered mobile/email to block legitimate access. 5. Fraudulent tax returns or refund claims are filed in the victim’s name, transferring money to scam accounts. India Angle: This scam targets Indians from all regions, as every taxpayer who files online is vulnerable. Semi-urban areas and less tech-savvy individuals are more commonly hit. Communications may mention Indian financial years, PAN numbers, or use regional languages for authenticity. The main tool of this scam is UPI/IMPS for the diversion of funds. Real Examples: - “We have detected suspicious activity. Please confirm your portal login to avoid refund failure.” - “One-Time Password needed for urgent tax portal update.” Red Flags: - Unexplained portal login notifications - Changes to registered email or mobile you didn’t make - Messages asking for portal login or secret code - Sudden refund requests in your account history Protective Measures: - Activate two-factor authentication for your e-filing account. - Monitor your account for unexplained activity or changes. - Use strong, unique passwords for tax-related accounts. - Never share OTPs or passwords over phone, SMS, or email. If Victimised: - Immediately regain control by resetting passwords and contacting support. - Report to cybercrime.gov.in and call 1930. - Inform your bank and the Income Tax Department. - Check if unauthorized returns or refunds have been filed using your details. Related Scams: - Bank account hacking using phishing portals - Impersonation attacks targeting DigiLocker or Aadhaar login credentials

How This Scam Works — Detailed Explanation

In the Income Tax Portal Account Takeover Scam, scammers often target taxpayers by using phishing tactics through emails, SMS, or social media platforms like WhatsApp. They craft messages that seem legitimate, often impersonating government officials or tax department representatives, to convince individuals to click on links that lead to imitation e-filing portals. These phishing attempts often include claims of urgent verification requirements or enticing refund notices that prompt victims to share their login credentials without realizing the consequences. The urgency and legitimacy suggested by the messaging make it easy for scammers to exploit unsuspecting taxpayers.

The psychological manipulation employed by these fraudsters typically revolves around fear and urgency. By claiming that failure to act will result in penalties or loss of tax refunds, these scammers effectively pressure victims into providing sensitive information swiftly. They may also employ social engineering tactics, claiming to verify account security by asking for User IDs, passwords, or OTPs, attempting to gain trust through a false sense of authority. This leads to many individuals unwillingly sharing their login credentials, thus opening the door to a financial crisis and potential legal trouble when their accounts are taken over.

Once scammers gain access to a victim's Income Tax Portal account, they can execute several fraudulent activities. They may change personal details, such as bank account information or mobile numbers, to ensure that any future refunds are directed to their accounts instead of the rightful owner. Shocking cases in India have revealed such scams led to individual taxpayers losing amounts ranging from ₹50,000 to several crores. As the scammers file false returns, they essentially compel the victims into tax-related issues with the Income Tax Department. The entire transaction is seamless from the fraudster’s perspective as they carry out these activities without the victim's knowledge.

The ramifications of these scams extend beyond mere financial loss. In 2022 alone, reports indicated that victims of various cyber frauds in India collectively lost upwards of ₹18,000 crore, emphasizing the severity of cybercrime in the country. Organizations like CERT-In (Indian Computer Emergency Response Team) and guidelines issued by the RBI have highlighted the rising trend of digital scams, urging taxpayers to remain vigilant. The government’s continuous outreach through platforms like cybercrime.gov.in and the establishment of helplines such as 1930 aim to reduce these burgeoning figures and help victims regain control. As more taxpayers use digital transactions, the need for awareness and education becomes crucial.

Identifying the Income Tax Portal Account Takeover Scam can be challenging, especially when legitimate communications may appear similar. Victims often report receiving login notifications for accounts they did not access, unusual changes in their registered contact information, or unexpected refund claims. Any requests for User IDs, passwords, and OTPs that arrive seemingly out of nowhere should raise immediate red flags. Taxpayers should closely monitor their bank statements and communications regarding refunds to differentiate between genuine messages from the Income Tax Department and phishing attempts from fraudsters. Legitimate organizations will never ask for sensitive information via unsecured channels like email or SMS, and following this cardinal rule can help alert individuals to the dangers of such scams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Income Tax Portal Account Takeover Scam Target?

General public across India

Red Flags — How to Identify Income Tax Portal Account Takeover Scam

• Login notifications for accounts you didn't access
• Unusual changes in registered contact information
• Requests for user IDs, passwords, or OTPs out of the blue
• Refund claims you never initiated

What To Do If You Encounter Income Tax Portal Account Takeover Scam

1. Call the cybercrime helpline at 1930 immediately if you suspect an account takeover.
2. Visit cybercrime.gov.in and file a report detailing your situation.
3. Contact your bank’s customer service to secure linked bank accounts.
4. Change your Income Tax Portal password and enable two-factor authentication.
5. Monitor your bank and tax statements for any unusual activity.
6. Alert your circle about the scam to prevent others from falling victim.

How to Report Income Tax Portal Account Takeover Scam in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?

Immediately call your bank’s helpline (e.g., SBI 1800-11-1109) and report the incident to 1930.

How to identify the Income Tax Portal Account Takeover Scam?

Look for unsolicited login notifications, unusual changes in your account details, or unexpected refund claims.

How to report this type of scam in India?

Report it to the cybercrime helpline at 1930, file a complaint at cybercrime.gov.in, and inform your bank about the suspected fraud.

How to recover money or protect my accounts after this scam?

Change your passwords immediately, inform your bank, file a report with law enforcement, and monitor your accounts for any unusual activity.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.