Recently, one of our readers A.K.Shukla shared with us an image of a SMS message he had received recently:
SMS MESSAGE:
“Dear A.K.Shukla,
Incometax_Dept requires you to click the link below to submit a formal request for the remittance of your unclaimed overdue tax refund of rs.19,550. http://cdv22.com/Refund
w to submit aformal request for the remittance of your unclaimed overdue. Http://cdv22.com/Refund
Whenever the filing dates of income tax returns approaches, people start receiving fake text messages in the name of the Income Tax Department, asking people to fill in details to avail the refund applicable to them.
OUR FACT CHECK
Fact Crescendo did a fact check and found that SMS message and similar WhatsApp messages and emails as above have been received by lot of people at some time or other in last few years. Various banks and their employees are also sharing advisory about these messages to their customers to warn them about these kinds of fake messages.
Also, News18 on August 30, 2018 published an article on an alert sent by State Bank Of India (SBI) to its customers, warning them of similar fake messages. You can read about it here.
“Taxpayers are receiving emails from addresses remarkably similar to the original government one, asking them to provide their net banking details to ‘receive their refund amount‘.” Times of India did an article on this issue in July 2018. You can read the article here.
Our readers can read article published by us on this issue below:
In previous years also, fake messages which were either related to Income Tax Refunds, Bank Account details updation or even extension of last the last date of filing audit reports & Income Tax returns, keep cropping up on various WhatsApp groups, through emails and SMS messages.
Indian Computer Emergency Response Team (CERT-In), a cyber security agency under the Ministry of Electronics and Information Technology has already issued a warning advising tax payers to exercise caution.
CERT-In did a release in August title “Safeguarding from SMShing income tax refund attacks” which give a detailed description of how the message tricks people into clicking the link and extracting sensitive data such as bank account details from people.
CERT-In also advised that to create an aura of authenticity around the message these types SMShing campaigns use popular URL (Universal Resource Locator) shortening services such as bit.ly, goo.gl, ow.ly and t.co among others.
Our readers can read the PDF version of the advisory here
CERT-In Advisory Notes - Fake Mobile Applications
Recently, also CERT-In issued an advisory in November 2018 titled “Security issues of fake mobile applications”. Our readers can read it here.
CERT-In Current Activities - Safeguarding from SMShing income taxrefund attackes
Our readers can also view some samples of phishing mails here or you can visit the web-page of Income Tax Department read the report on phishing.
For our readers, we have also given below the process of identifying where these messages are coming from, even though currently we can identify the Service Telecom Operator and the Location of the Operator only.
People have been receiving SMS with some prefix like LM-ICICIB, TD-MYNTRA, MD-FACEBK. These SMS’s are actually sent by Banks, Service Providers, Social Networking sites, Companies and many other recognized organizations, institutes.
These SMSs originates from a Bulk SMS provider. The TRAI regulation insisted bulk SMS providers to restrict the “Sender ID” to minimum 6 characters.
Three characters should be used to specify who is the Bulk SMS service provider & where it’s originated from. Say for example: Referred SMS to a mobile number was received as MM-ITREFL. This was sent using a Bulk SMS provider located at MUMBAI which uses MTNL services. First character specifies which service provider the message is being originated & the second character specifies from which location it’s originated.
ITREFL purportedly stands for Income Tax Refund Efiling. ITREFL in which first 3 letter referring to “ITR” – supposedly refer to Income Tax Returns and next 3 with “EFL” supposedly stands for Efiling, the online filing of returns. This is done to confuse the receiver of SMS message and to project a semblance of authenticity of the SMS message.
To help you understand better, here is the table which has details of these SMS codes:
| Service Provider Codes: | ||
| A: Bharti Airtel and Bharti Hexacom | B: BSNL | |
| D: Aircel and Dishnet Wireless | C: Datacom | |
| H: HFCL | E: Reliance Telecom | |
| J: Jio | I: Idea Cellular, Aditya Birla Telecom | |
| M: MTNL | L: Loop Telecom and BPL | |
| R: Reliance Communications | P: Spice Communications | |
| T: Tata Teleservices, Tata Teleservices Maharashtra | S: S. Tel Ltd | |
| V: Vodafone Group of Companies | U: Unitech Group of Companies (Telenor) | |
| Y: Shyam Telecom | W: Swan Telecom | |
|
| ||
| Origin Codes: | ||
| A: Andhra Pradesh | B: Bihar | |
| E: UP (East) | D: Delhi | |
| H: Haryana | G: Gujarat | |
| J: Jammu & Kashmir | I: Himachal Pradesh | |
| L: Kerala | K: Kolkata | |
| N: North East | M: Mumbai | |
| P: Punjab | O: Orissa | |
| S: Assam | R: Rajasthan | |
| V: West Bengal | T: Tamil Nadu, including Chennai | |
| X: Karnataka | W: UP (West) | |
| Z: Maharashtra | Y: Madhya Pradesh | |
You can know more about this topic from various links we have shared with you below:
| All India Round Up | Quora.com |
| SMSGatewayCenter | SMSGatewayCenter (Id Codes) |
| The Hindu | Boom Live |
IN CONCLUSION
Fact Crescendo advises readers to be aware of these fake & fraudulent messages and to stop distributing them on WhatsApp, other social media apps and through emails. Readers can before sharing these kinds of messages, visit multiple fact checking sites and research whether a message is fake or fraudulent. We as citizens have a responsibility to nip these kinds of hoax & fake content at the first instance and not let it propagate further.
Special Thanks:
A heartfelt thanks & a special shout out for our reader A.K.Shukla < ak_shukla20@yahoo.co.in> for sending us email and photo with request to fact check this claim.
A.K. Shukla’s Email to us:
On Wed, Dec 26, 2018 at 12:09 AM A K Shukla <info@factcrescendo.com> wrote:
From: A K Shukla <ak_shukla20@yahoo.co.in>
Subject: Received attached message on 24th Dec’18
Message Body:
Dear Sir,
Received following message from MM-ITREFL.Kindly check and verify the correctness and how they get our mobile nos.and send sms.
—
This e-mail was sent from a contact form on FactCrescendo (https://factcrescendo.com)
—————————————————————————————————————————
OUR EMAIL RESPONSE TO A.K.SHUKLA
Dear A.K.Shukla,
Thank you for your email.
We did a fact check as requested, in reference to a SMS message you received from ‘MM-ITREFL’ and your additional request to check the correctness of the message and how they get your mobile nos. and send SMS messages.
Please refer the details shared below for your perusal:
For additional reference, you can also view the Hindu article here and the Boom Live article here. Both these articles were published in August 2018.
People have been receiving SMS with some prefix like LM-ICICIB, TD-Google, MD-FACEBK. These SMSs are actually sent by Banks, Service Providers, Social Networking sites, Companies and many other recognized organizations, institutes.
These SMSs originates from a Bulk SMS provider. The TRAI regulation insisted bulk SMS providers to restrict the “Sender ID” to minimum 6 characters.
Three characters should be used to specify who is the Bulk SMS service provider & where it’s originated from. Say for example: This particular SMS to your mobile number as MM-ITREFL. This was sent to you using a Bulk SMS provider located at MUMBAI which uses MTNL services. First character specifies which service provider the message is being originated & the second character specifies from which location it’s originated.
ITREFL purportedly stands for Income Tax Refund Efiling. This is done to create a semblance of authenticity in the mind of receiver of message.
In regards of sourcing your mobile numbers, that would be very difficult to ascertain. These fraudsters could have easily just sent mass messaging to all mobile numbers in a series, belonging to a particular service provider.
To help you understand better, here is the table which has details of these SMS codes:
| Service Provider Codes: | ||
| A: Bharti Airtel and Bharti Hexacom | B: BSNL | |
| D: Aircel and Dishnet Wireless | C: Datacom | |
| H: HFCL | E: Reliance Telecom | |
| J: Jio | I: Idea Cellular, Aditya Birla Telecom | |
| M: MTNL | L: Loop Telecom and BPL | |
| R: Reliance Communications | P: Spice Communications | |
| T: Tata Teleservices, Tata Teleservices Maharashtra | S: S. Tel Ltd | |
| V: Vodafone Group of Companies | U: Unitech Group of Companies (Telenor) | |
| Y: Shyam Telecom | W: Swan Telecom | |
| Origin Codes: | ||
| A: Andhra Pradesh | B: Bihar | |
| E: UP (East) | D: Delhi | |
| H: Haryana | G: Gujarat | |
| J: Jammu & Kashmir | I: Himachal Pradesh | |
| L: Kerala | K: Kolkata | |
| N: North East | M: Mumbai | |
| P: Punjab | O: Orissa | |
| S: Assam | R: Rajasthan | |
| V: West Bengal | T: Tamil Nadu, including Chennai | |
| X: Karnataka | W: UP (West) | |
| Z: Maharashtra | Y: Madhya Pradesh | |
You can know more about this topic from various links we have shared with you below:
All India Round Up
Quora.com
SMSGatewayCenter
SMSGatewayCenter (Id Codes)
Dear A.K.Shukla,
We have also published an article on this today. And you have been credited in that article for highlighting this issue again. You can read that article here.
In conclusion, it is difficult to trace the exact identity of the sender, and in this particular case as the sender could have used any of the numerous Bulk SMS provider in Mumbai. Good thing is that lot of articles have been written and published online, by various fact checkers & news media on this issue, to make the public aware against these kind of frauds.
We appreciate your efforts and interest to fact check. We hope to hear more from you in the future,so please keep sending us requests to fact check claims on your behalf.
Seasons greetings and Happy new year to you and your near dear ones, from all of us at Fact Crescendo Team.
Warm Regards,
Admin | Fact Crescendo
Fact Crescendo advises its readers to refrain from falling prey to unsubstantiated & misleading WhatsApp forwards and social media posts. When in doubt, visit various news media & fact checking websites online.
Dear Readers,
Do you feel that a certain story is fake? Do you know some additional factual details about a claim being shared on social media?
Then you can submit that claim or news here, for our team to verify and fact check for you.
Thanks,
-Fact Crescendo Team-
भारतीय सेना की तरफ से पाकिस्तान पर जवाबी कार्रवाई के दावे से वायरल वीडियो अप्रैल…
जम्मू कश्मीर के पहलगाम में हुए आतंकी हमले के बाद केंद्र सरकार ने भारत में…
यह वीडियो पहलगाम आतंकी हमले से सम्बंधित नहीं है, यह वैष्णो देवी रोपवे के विरोध…
पहलगाम हमले के बाद सोशल मीडिया पर एबीपी न्यूज की एक वीडियो रिपोर्ट के जरिए…
CAA प्रदर्शन के दौरान की पुरानी तस्वीरों को फर्जी कम्युनल एंगल से शेयर किया जा…
बीआर आंबेडकर की यह प्रतिमा चीन की नहीं बल्कि आंध्र प्रदेश के विजयवाड़ा की है,…