Government of India
                                  Ministry of Finance
                               Department of Revenue
                             Central Board of Direct Taxes

                                   PRESS RELEASE

                                                                 New Delhi, 5th February, 2016

Sub:­ Steps taken by Income Tax Department for safeguarding taxpaye rs from Phishing
email - regarding

The Income Tax Department has been at the forefront of using technology in implementing its ­
e-Governance initiatives. Most of its routine communication to taxpayers is through email and
SMS. Therefore, the Department is very sensitive and alert to attempts made by fraudsters to
spoof the Department's identity to send phishing emails. To ensure that taxpayers are aware that
the Department does not seek any confidential or financial information of the taxpayer over
email, the below mentioned advisory has been prominently displayed on the national website:

 "The Income Tax Department NEVER asks for your PIN numbers, passwords or similar access
 information for credit cards, banks or other financial accounts through e-mail.

 The Income Tax Department appeals to taxpayers NOT to respond to such e-mails and NOT to
 share information relating to their credit card, bank and other financial accounts."






The Do's and Don't's to ensure that the gullible taxpayers do not inadvertently play into the
hands     of       fraudsters      are   clearly     mentioned       on      the     website:
http://www.incometaxindia.gov.in/Pages/report-phishing.aspx. All taxpayer reports of phishing
emails are forwarded to incident@cert- in.org.in which is a Government of India agency
mandated to fight against such threats.

Further, the Department has implemented best practices such as SPF (Sender Policy
Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message
Authentication, Reporting & Conformance) for its email domains. Use of these protocols
enables the e-mail receiver domains such as Gmail, Yahoo, Hotmail etc to determine whether or
not a received e- mail is actually from the defined sender such as the Department and block
phishing emails from reaching the taxpayer.

Taxpayers are advised to follow these simple checks if they do receive any email purporting to
be from the Income Tax Department:

        Check for the domain name carefully. Fake emails will have misspelt or incorrect
        sounding variants of websites of the Income Tax Department.
        Check the message header ­ for example in Gmail it can be viewed by selecting the
        option `Show Original'.
        Do not open such emails in spam or junk folder and do not reply to such emails.
        Do not open any attachments. Attachments may contain malicious code.
        Do not click on any links. Even if you have clicked on links inadvertently in a
        suspicious e- mail or phishing website then do not enter confidential information like
        bank account, credit card details.
        Do not cut and paste the link from the message into your browsers.
        Forward the phishing emails to incident@cert- in.org.in with a request to examine and
        block the sender.
        Use anti-virus software, anti spyware, and a firewall and keep them updated.






Income Tax Department is committed to encouraging taxpayers to engage with it electronically
by following safe and best practices.

                                                                            (Shefali Shah)
                                                    Pr. Commissioner of Income Tax (OSD)
                                                             Official Spokesperson, CBDT