I-T Dept cautions taxpayers against sharing PINs, passwords

Income Tax Department today cautioned taxpayers not to share their PIN or password of mails saying it never ask for such details.
In a statement the department said it is to ensure that taxpayers are aware the department does not seek confidential or financial information of the taxpayer over email.
"The Income Tax Department never asks for your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts through e-mail," it said.
"The Income Tax Department appeals to taxpayers not to respond to such emails and NOT to share information relating to their credit card, bank and other financial accounts," it added.

The Income Tax Department has been at the forefront of using technology in implementing its e-governance initiatives, it said, adding, most of its routine communication to taxpayers is through email and SMS.
"Therefore, the department is very sensitive and alert to attempts made by fraudsters to spoof the Department's identity to send phishing emails," it said.

The statement further said all taxpayer reports of phishing emails are forwarded to incident@cert-in.Org.In which is a government of India agency mandated to fight against such threats.
Further, the department has implemented best practices such as SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) for its email domains.

Use of these protocols enables the email receiver domains such as Gmail, Yahoo, Hotmail etc to determine whether or not a received email is actually from the defined sender such as the Department and block phishing emails from reaching the taxpayer, it said.
Listing out dos and don'ts, it has asked the taxpayers to check for the domain name carefully as fake emails will have miss-pelt or incorrect sounding variants of websites of the Income Tax department.
"Do not open such emails in spam or junk folder and do not reply to such emails. Do not open any attachments. Attachments may contain malicious code," it said.

Do not click on any links and even if you have clicked on links inadvertently in a suspicious e-mail or phishing website then do not enter confidential information like bank account, credit card details, it added.