Income Tax Refund Phishing with Ransomware

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: Phishing, Government Impersonation, KYC

How Income Tax Refund Phishing with Ransomware Works

Overview: This digital scam takes advantage of India’s tax season, luring individuals with emails or SMSs about pending Income Tax refunds. The messages look authentic, complete with official tax department logos and lingo. However, clicking the provided link or downloading attachments leads to ransomware, encrypting vital documents and demanding ransom, sometimes in Bitcoin. This puts taxpayers, especially salaried professionals, at risk of data loss and financial trouble.

How It Works: Scammers blast mass emails and SMSs to random users timed around tax filing deadlines. The messages urge users to check their eligibility or update their bank details to receive their refund. The links lead to webpages cloned to look like the Income Tax department's portal, asking users to sign in or download a form. The download is laced with ransomware that locks your files. Later, a ransom demand pops up, threatening to permanently erase documents if not paid.

India Angle: These scams use Hindi/English and replicate Indian government format, including PAN fields and regional bank logos. Peak periods include March–July, during tax return processing. Victims are typically salaried professionals and business owners from all Indian metros.

Real Examples: Sample message: ‘Your ITR process is delayed. Update bank account by clicking here: incometaxrefunds.live. Last date today.’ Attachments are named ‘TaxRefundForm2026.docm’.

Red Flags:

  1. Messages about urgent tax refunds or delays.
  2. Links to non-government domains claiming government authority.
  3. Unsolicited downloads or macro-enabled forms.
  4. Requests to input PAN or Aadhaar on unofficial sites.

Protective Measures:

  • Never click on tax-related links in messages during refund season.
  • Verify the sender and URLs – official sites always end with gov.in.
  • Never enable macros in downloaded forms.
  • Update all devices with latest security patches as per CERT-In advisories.
  • Use strong and up-to-date antivirus tools.

If Victimised:

  • Disconnect from the internet to avoid further spread.
  • Report to National Cyber Crime Helpline 1930 and cybercrime.gov.in immediately.
  • Recover files from safe, offline backups if available. Don’t pay ransom to avoid funding more scams.
  • Alert your local Income Tax office about the phishing attempt.

Related Scams:

  • PAN card update SMS phishing.
  • GST refund fake email scams.
  • Fake RBI direct benefit transfer phishing.

How This Scam Works — Detailed Explanation

As tax season arrives in India, scammers target unsuspecting individuals with enticing promises of pending Income Tax refunds. They exploit platforms like WhatsApp, email, and SMS to reach their victims, often mimicking the style and logos of the Income Tax Department. These messages can appear quite convincing, showing signs like official branding and tax jargon, which might persuade individuals to click on links or download attachments without a second thought. The culprits may utilize various data mining techniques to identify individuals who might be expecting tax refunds, including salaried professionals who have recently filed their returns, creating a lure that is hard to resist.

Scammers employ a series of psychological tricks to maximize their success. First, they induce a sense of urgency, claiming that the refund must be claimed quickly to avoid penalties or complications. This tactic plays on the natural human instinct to avoid loss, pushing victims to act hastily. Moreover, these fraudulent messages often contain no spelling errors or other obvious mistakes, which helps them to pass as legitimate communications. They usually redirect potential victims to websites that mimic real government portals, often on domains that do not end in .gov.in, and ask for sensitive information like Aadhaar numbers, bank details, or OTPs under the guise of processing their refunds.

Once a victim interacts with the scam by clicking the provided link or downloading an attachment, the real trouble begins. The malware installed on their device typically encrypts critical files, rendering them inaccessible. Many users may find their essential documents, ranging from personal records to important financial statements, held hostage. The attackers then demand a ransom. Payment methods vary, with some attackers demanding payment in Bitcoin to further obscure their identity. This puts the victims in a distressing position, as not paying could mean permanent data loss, with no guarantee that the scammers will actually release the files even after payment. Cases have emerged where individuals, having lost vital data, ended up with serious financial setbacks.

The impact of such scams on the Indian landscape is significant. As of 2022, victims of various phishing schemes—including those targeting tax refunds—reported losses amounting to over ₹2,000 crore. This trend has raised the alarm for authorities such as the Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI), which have issued advisories urging citizens to remain vigilant. CERT-In (Computer Emergency Response Team) has provided alerts on these threats, advising the public to closely monitor their communications for any such scams and report any suspicious activities. The frequency of these scams appears to increase during tax season, so taxpayers must remain particularly cautious at this time.

It is crucial to understand how to distinguish between genuine tax communications and phishing attempts. Legitimate messages from the Income Tax Department will only come from official .gov.in email addresses and will not contain any links requesting sensitive information. Additionally, the department will never ask you to download attachments as a part of any refund process. Always verify any refund claims through the official income tax portal or contact helplines for clarity before taking any action. Maintain a healthy skepticism towards any unsolicited messages during tax season to safeguard your finances and personal data.

Who Does Income Tax Refund Phishing with Ransomware Target?

General public across India

Red Flags — How to Identify Income Tax Refund Phishing with Ransomware

  • Email/SMS promising instant tax refunds
  • Links to non-.gov.in domains for official business
  • Requests for sensitive info on cloned sites
  • Macro-enabled refund forms or email attachments
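
The red flags above can be checked mechanically on a received message. The Python code below is an added example, not BharatSecure's own code: the function names and keyword lists are assumptions made for illustration, and the sample message and attachment name are the ones quoted on this page. It matches gov.in on a label boundary, because a plain "ends with gov.in" test would also accept a lookalike host such as incometaxgov.in (a constructed name).

```python
import os
import re
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "gov.in"  # the page's rule: official sites end with gov.in
# Macro-capable Office extensions (the page's sample attachment uses .docm)
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
# Assumed keyword lists, chosen for this example only
URGENCY = ("last date", "urgent", "immediately", "delayed")
SENSITIVE = ("pan", "aadhaar", "otp", "bank account", "bank details")
# Matches http(s) URLs and bare host names such as "incometaxrefunds.live"
LINK_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s'\"<>]*)?", re.I)

def host_of(link):
    """Lower-cased host of a link, whether or not it carries a scheme."""
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").rstrip(".")

def is_official(host):
    """True only for gov.in itself or a sub-domain of it (label-boundary match)."""
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)

def triage(text, attachments=()):
    """Return the list of red flags found in one message and its attachment names."""
    flags = []
    lowered = text.lower()
    for host in sorted({host_of(m) for m in LINK_RE.findall(text)}):
        if not is_official(host):
            flags.append(f"non-gov.in link: {host}")
    for name in attachments:
        if os.path.splitext(name.lower())[1] in MACRO_EXTENSIONS:
            flags.append(f"macro-enabled attachment: {name}")
    if any(word in lowered for word in URGENCY):
        flags.append("urgency wording")
    if any(re.search(rf"\b{re.escape(w)}\b", lowered) for w in SENSITIVE):
        flags.append("asks for sensitive data")
    return flags

# Sample message quoted on this page
SAMPLE = ("Your ITR process is delayed. Update bank account by clicking here: "
          "incometaxrefunds.live. Last date today.")

if __name__ == "__main__":
    for flag in triage(SAMPLE, ["TaxRefundForm2026.docm"]):
        print(flag)
```

An empty result only means none of these checks fired; the refund status should still be confirmed on the official portal.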

What To Do If You Encounter Income Tax Refund Phishing with Ransomware

  1. Report suspicious emails or SMSs related to tax refunds to the cybercrime helpline at 1930 or on cybercrime.gov.in.
  2. Do not click on any links or download attachments from unverified sources.
  3. Check your income tax status directly through the official government portal.
  4. Enable two-factor authentication on your banking apps and online portals.
  5. Educate family members about the risks of phishing scams during tax season.
  6. Regularly back up important files to avoid data loss from ransomware attacks.

How to Report Income Tax Refund Phishing with Ransomware in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my Aadhaar number in a phishing scam?
Immediately contact your Aadhaar issuing authority to lock or suspend your Aadhaar number. You can also reach out to UIDAI at their helpline 1947 for guidance.

How can I recognize Income Tax Refund Phishing scams?
Look for emails or SMSs that promise instant refunds, contain links to non-.gov.in domains, or ask for sensitive information. Be cautious of attachments that require enabling macros.

How do I report an Income Tax Refund scam in India?
You can report the scam to the cybercrime helpline at 1930 or file a report at cybercrime.gov.in. It’s also advisable to inform your bank immediately if you shared any sensitive information.

How do I recover my money or protect my accounts after falling for this scam?
Contact your bank immediately to report the incident and freeze your accounts if necessary. Change all your passwords and enable two-factor authentication. Additionally, you can file a complaint on cybercrime.gov.in for further assistance.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.