How can they prevent phishing attacks?
Is India’s Income Tax Department Doing Enough?
In one of the recent posts last month - US Scammers Sending Fake Tax Forms - Beware! - we shared that one of the biggest new-age challenges for any tax authority in any country is not the actual tax collection, but that of a battle against identity theft. The Indian tax authorities face a similar challenge with their taxpayers being subject to fictitious and malicious attempts to get their identities and use it for example for siphoning money from their bank accounts.
The Indian Income Tax Department (ITD) is flooded every day with grievances and complaints from innocent victims that have fallen prey to fraudsters, who have swindled crores of rupees from the public using false Income Tax Returns (ITR) notices.
The Modus Operandi
The modus operandi of all these rackets is broadly similar. The fraudsters send ITR notices for payment/ refund to unsuspecting victims via SMS, emails or letters. These genuine-looking documents are made to look like they originated from the tax authorities. (Some samples here). The victim is instigated to click on phishing URLs or links or QR codes, by creating a sense of urgency. People are gullible and become easy prey for such attempts. In the process, they are asked for account numbers and other details ostensibly to credit the money & soon money is siphoned off from their accounts ! Oftentimes, there is a call-in number on the communication and all subsequent interactions are manipulated via an ‘IT official’ who directs the entire sequence.
While the ITD is attempting an entire educational campaign on phishing scams, it is not enough.
Sample Image below - Beware of Phishing Banner -
In addition, the ITD has also created a small tab on its website where people receiving such notices may verify them. Theoretically, this is a step in the right direction, and yet, in a country as vast and varied as India; many users may not be IT savvy to go into an income tax website and validate their documents. Moreover, this method still relies on a database query to retrieve the information and that’s not very secure
So what is the solution to fix such Income-tax communication scams?
So, is there a straightforward method to avoid these potential scams and stop the fraudsters from skimming such hapless victims?
Thankfully, there is a secure QR code solution. A secure QR code solution would necessarily mean all such notices and communication from the income tax department could come encrypted with a single, simple, secure QR code which has the critical information embedded in it and can be easily verified on-demand. This will automatically eliminate any tampering with the communication or the forging of/unauthorised creation of similar documents. Moreover, the secure QR code-based system does not depend on database access to the Income Tax department’s core systems as the information is self-contained in the QR code. This gives the freedom and flexibility to the taxpayers to validate whether the communication indeed generated from the department while maintaining security and privacy at the same time.
The following diagram is self-explanatory. Typically the key elements of the communication are encrypted into a secure QR code. In the example below, they are : Tax payer’s name, PAN number, the document reference number, the assessment year and the date of issue of the document. This secure code is tamper-proof and can only be generated by the ITD. Scanning the code with an authorized app or through a web validation mechanism, authenticates and confirms the information on the letter or email.
Communication with Secure QR code
The rapid growth in the use of smartphones has made it possible for easy verification of any such request or document for senior citizens / non IT savvy users. They would just need to scan the QR code with an authorized app (could be the Income-tax department’s app) and take appropriate action. This app can even be integrated for payment purposes with banks, wallets, UPI and so on. The document can be verified whether it is in a physical or an electronic format.
This single innovation could dramatically change the way millions of taxpayers across India interact with the Income-tax department and improve trust and confidence in its communication. The Income-tax department will now have the flexibility to streamline its entire document generation and distribution process by making every important document secure, easily verifiable, and more importantly protect its database from being accessed by third parties.
An additional benefit also would be that once these codes which have been generated for a specific purpose, have outlived their utility, the same can be revoked and invalidated to prevent misuse. For example, once a QR code-based payment transaction is completed, the same Secure QR code can’t be used again for that purpose to avoid double payments and errors.
The above is an example of how a simple, highly secure QR code can be used in the context of a government department like the income tax, for enhancing customer satisfaction, protecting them from scams, and providing general convenience while addressing security and privacy.
Some other articles which maybe of interest