Press
Information Bureau
Government of India
Ministry of Finance
Government of India
Ministry of Finance
05-February-2016
14:37 IST
Steps
taken by Income Tax Department for safeguarding taxpayers from Phishing emails
The Income Tax Department has been at
the forefront of using technology in implementing its –e-Governance
initiatives. Most of its routine communication to taxpayers is through email
and SMS. Therefore, the Department is very sensitive and alert to attempts made
by fraudsters to spoof the Department’s identity to send phishing emails. To
ensure that taxpayers are aware that the Department does not seek any
confidential or financial information of the taxpayer over email, the below
mentioned advisory has been prominently displayed on the national website:
“The
Income Tax Department NEVER asks for your PIN numbers, passwords or similar
access information for credit cards, banks or other financial accounts through
e-mail.
The
Income Tax Department appeals to taxpayers NOT to respond to such e-mails and
NOT to share information relating to their credit card, bank and other
financial accounts.”
The Do’s and Don’t’s to ensure that the gullible taxpayers do not
inadvertently play into the hands of fraudsters are clearly mentioned on the
website: http://www.incometaxindia.gov.in/Pages/report-phishing.aspx.
All taxpayer reports of phishing emails are forwarded to
incident@cert-in.org.in which is a Government of India agency mandated to fight
against such threats.
Further, the Department has implemented best practices such as SPF
(Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC
(Domain-based Message Authentication, Reporting & Conformance) for its
email domains. Use of these protocols enables the e-mail receiver domains such
as Gmail, Yahoo, Hotmail etc to determine whether or not a received e-mail is
actually from the defined sender such as the Department and block phishing emails
from reaching the taxpayer.
Taxpayers
are advised to follow these simple checks if they do receive any email
purporting to be from the Income Tax Department:
- Check
for the domain name carefully. Fake emails will have misspelt or
incorrect sounding variants of websites of the Income Tax Department.
- Check
the message header – for example in Gmail it can be viewed by selecting
the option ‘Show Original’.
- Do
not open such emails in spam or junk folder and do not reply to such
emails.
- Do
not open any attachments. Attachments may contain malicious code.
- Do
not click on any links. Even if you have clicked on links inadvertently
in a suspicious e-mail or phishing website then do not enter confidential
information like bank account, credit card details.
- Do
not cut and paste the link from the message into your browsers.
- Forward
the phishing emails to incident@cert-in.org.in with a request to examine
and block the sender.
- Use
anti-virus software, anti spyware, and a firewall and keep them updated.
No comments:
Post a Comment