If you happen to receive an email from the 'tax department' promising a generous tax refund, stop rubbing your hands in glee. It could well be the handiwork of a fraudster fishing for your bank account details, credit card number and a few other private data.
Usually sent to office email addresses, the mail is a cleverly crafted note with a hyperlink to the home page of the Reserve Bank of India.
The receiver is requested to share personal and account details on what is seemingly a linked page on the central bank website.
The fraud mail originates from the 'tax refund department', bears the address 'firstname.lastname@example.org' and has a subject line which says 'tax refund notification alert'. The language and format of the mail is strikingly similar to any formal correspondence from the I-T department. It addresses the receiver of the mail as 'Dear valued taxpayer' and goes on to say that you are "qualified for a refund which could run into as much as Rs 50,000". The mail asks the reader to 'click' on the hyperlink to place a tax-refund request.
The hyperlink opens to the homepage of the RBI, but the website address panel shows www.chatbordel.de. The page asks for bank name, ATM number, ATM PIN number, CVV number, card expiry date and transaction password.
Upon getting details like card number, CVV and expiry data, miscreants could carry out unauthorised purchases and online fund transfers.
In fact, RBI has been warning customers against phishing and fraud mail chains for a few years. "The Reserve Bank or banks never issue communication asking for bank account details for any purpose," said a notice on the Reserve Bank of India website.
The central bank has issued advertisements to caution the general public not to respond to such mails.