Cybersecurity Researchers in India Warn SBI Customers About a New Tax Refund Scam

State Bank of India doesn’t seem to catch a break. While it was reported that SBI leaked data of millions of customers, the biggest lender in the country always needs to remind its clients to be careful of various scams. Cybercriminals are quick to make use of the fact that SBI is the largest bank in India, and scam and phishing attacks against SBI customers are really common.

The one instance we would like to discuss today is the tax refund scam that was reported back in November 2019. Please note that fraudsters are always ready to recycle the same methods, so just because one wave of fraudulent messages passes, it doesn’t mean that it cannot emerge again.

What is the SBI tax refund scam about?

The tax refund scam is devised to steal personal credentials from unsuspecting users. The scam reaches SBI account holders through emails and text messages. If that rings a bell, it’s maybe because we have covered an income tax refund scam that employed text messages back in September. It just proves that attempts to trick users into giving away their sensitive information are made all the time, and people have to be careful about the messages they receive.

Albeit this new scam also deals with tax refunds, it mainly targets the SBI account holders. Consequently, if users fall for the scam and give away their sensitive information, the safety of their bank deposits at the SBI accounts might be compromised. Therefore, SBI was quick to inform its customers about the potential threat through their Twitter account. The announcement said the following:

Received any message from the Income Tax department, requesting you to put in a formal request for your refund? These messages are from fraudsters at play! Ensure you ignore and report the messages immediately.

The SBI tax refund scam is a clear phishing attempt where messages come with an outgoing link. People are supposed to click that link so they could provide their credentials and ask for a tax refund. However, when they click it, they get redirected to a fake website that looks like a legitimate income tax webpage. Consequently, some users might feel inclined to enter their details into the provided form. However, once they do that, all the information they have provided falls straight into the fraudsters’ hands.

If you wonder about your actual tax refund, you can log in to the Income Tax Department’s e-filing website, where you can check your official account’s status. Only the information provided by the official sources is reliable, so you shouldn’t fall straight into the trap just because you received a message that looks urgent. In fact, The Income Tax Department and the State Bank of India regularly release cybersecurity tips that inform their clients about the measures they can take to protect themselves against fraudsters. And one of the most important things to remember is that neither SBI nor the Income Tax Department sends out text messages or emails that collect personal information. In other words, if you get such a message, it’s definitely part of the SBI tax refund scam.

What should I do to avoid SBI tax refund scam?

SBI suggests checking out the security tips for safe online banking at their website if you want to protect yourself from fraudsters. We are going to highlight several of the aspects mentioned in those tips.

Safe Access. To avoid potential redirection and tax refund scams, it is recommended to access the SBI website only by typing the address into your browser’s address bar. The problem is that clicking a link that supposedly leads you to the website could redirect you to a malicious site. For example, if you click a link in some email you have received, you might land on a fake website that has been set up to collect sensitive data. The same applies to all the mobile apps that you use. The apps you use don’t have to be just convenient, they also need to be legitimate. If you are not sure whether the app can be trusted or not, it is a good idea to contact the bank first.

Unsolicited messages. Your bank certainly collects a lot of personal information to provide you with the best service, but they would never ask you to confirm or update that personal information via email or a text message. The same applies to phone calls, too. Therefore, SBI is adamant about emphasizing that clients should NEVER respond to such messages because it can lead to so much more than just the tax refund scam. If you think that you have been contacted by the fraudsters, you should report the scam attempt via the SBI email. And if your personal information has been leaked, you can use this link to lock your user access.

Regular security measures. Let’s not forget that you need to update your web browser to its latest version because updates come with vulnerability fixes. Also, employing an antispyware program is a must, and you should run regular system scans with the security tool of your choice. You can never know what kind of unwanted applications might be installed on your computer. Maybe someone is tracking your online activity right now, and you have no idea about it!

Finally, it is important to periodically renew your Internet banking password. This is probably one of the most basic security steps, but it is a vital one. We also know how hard it can be to come up with new passwords every single time. Hence, do not hesitate to employ useful tools that can help you with that.

Constant attempts to steal sensitive information push companies and corporations into developing and applying sophisticated security systems. However, we cannot expect our service providers to protect us from everything. Our personal data security depends on us, too. Therefore, if we learn to recognize the signs of a potential scam, we will be able to save a lot of time and money we spend, when we try to mitigate the malicious scam effects.

By Foley
February 20, 2020
February 20, 2020

Leave a Reply