If You Get This SMS On Income Tax Refund, Beware It's A Russian Scam With Thousands Of Victims
It¡¯s easy to get suckered into an online scam, even when you¡¯re generally cautious. So when we tell you there¡¯s a new Income-Tax related scam doing the rounds here in India, you need to pay close attention.
It's easy to get suckered into an online scam, even when you're generally cautious. Phishing mails can be very convincing to the untrained eye. So when we tell you there's a new Income-Tax related scam doing the rounds here in India, you need to pay attention.
Karthik Srinivasan a freelance communications consultant for digital marketing posted a curious story to Twitter earlier today. He described receiving a text message, supposedly from the Income Tax department, saying he was eligible for a tax rebate.
I got this text message yesterday. It looked completely authentic. The amount looks real too, and not rounded off! It was very tempting to click the link and know more. Then I remembered something I use extensively in the background. @Bitly, the company behind the 1/5 pic.twitter.com/NqAa40sIMI
¡ª Karthik (@beastoftraal) December 13, 2018
This is obviously a plausible message, and further inspection of the message doesn't turn up any glaring mistakes, name changes, or sender details that might tip a person off. Luckily though, Srinivasan said he remembered the Bitly URL shortening tool (something he uses often in his line of work) allows you to reverse search a shortened link to see where it's taking you and how many clicks it's received. Upon doing that, Srinivasan found the URL led to a Russian domain (surprise surprise eh?), and the URL had only been created a day before.
3/5 bitly URL mentioned in the text message. And this is what I got!! A Russian domain (dot ru!). Sure-shot spam! And then, look at the details!
¡ª Karthik (@beastoftraal) December 13, 2018
1. Created on December 11, just a day before. pic.twitter.com/OKLCZRMjF1
In just a day or so, that scam link has managed to dupe more than 4,000 people, as evidenced by the clicks. Even worse, 3,869 of those clicks came from India.
Another Twitter user eventually responded to the tweet, saying they'd clicked on the link, and posted an image of the site it took you to. Frankly, it's an incredibly well-polished site that pretends to be a portal for SBI, letting the hackers steal details like your name, phone number, PAN number, and bank account.
See the website pic.twitter.com/ibZKKBpze7
¡ª Aboobacker MK (@_tachyons) December 13, 2018
And this is exactly why it pays to be cautious no matter how authentic a communication you receive looks. At the very least, maybe you've learned a new trick today to scout short URLs before clicking.