Fake Income Tax Notice Alert: One Wrong Click Could Let Hackers Steal Your Data, Cybersecurity Firm Warns

In a major cybersecurity warning for Indian internet users, global security company Kaspersky has revealed that hackers are sending fake Income Tax Department emails to trap people and steal sensitive data. According to the company, a cybercriminal group known as “SilverFox” has been targeting users in India by sending fraudulent tax audit and tax violation notices that appear almost identical to official government communication.

The warning comes at a time when taxpayers across the country are preparing to file Income Tax Returns for the assessment year 2026–27. Cybersecurity experts say hackers are taking advantage of this period to create panic and trick people into downloading dangerous files. Once the attachment is opened, malicious software silently gets installed on the victim’s device, allowing attackers to gain remote access to personal and financial information.

Hackers Are Using Fake Tax Notices to Target Users

According to the cybersecurity report, the fake emails are carefully designed to look authentic. The subject lines often mention “tax violations,” “urgent audit notices,” or “pending verification,” creating fear among users. These emails usually contain a downloadable attachment that supposedly includes details of the tax issue.

However, the attachment is actually loaded with malware. As soon as the file is downloaded or executed, the victim’s system becomes infected. Experts warn that these cyberattacks are becoming more advanced and difficult to identify because the emails closely resemble genuine government notices.

Cybersecurity researchers said many people fall into the trap because the messages use official-looking logos, language, and formatting. In several cases, users reportedly believed the emails were sent directly from the Income Tax Department.

Dangerous Malware Installed Through Attachments

The report states that hackers are using advanced malware programs such as “ValleyRAT” and a newly discovered Python-based backdoor called “ABCDoor.” These tools allow cybercriminals to remotely control infected systems and monitor user activity.

Once installed, the malware can:

• Access confidential files
• Monitor screen activity
• Capture clipboard data
• Upload and download files
• Steal login credentials and banking details
• Spy on sensitive business information

Researchers explained that the attack begins with a Rust-based loader hidden inside the attachment. This loader secretly installs the malware in the background without the user noticing anything unusual.

Companies Across Multiple Countries Have Been Targeted

The cyberattack campaign is not limited to India alone. According to the findings, businesses in countries such as Indonesia, South Africa, and Russia have also been targeted. Industrial firms, consulting companies, transport operators, and financial institutions were reportedly among the major victims.

Between January and February 2026 alone, cybersecurity teams reportedly tracked more than 1,600 fake phishing emails linked to the SilverFox group. Experts believe the attackers are constantly changing domains and email addresses to avoid detection.

Why These Attacks Are So Dangerous

Cybersecurity specialists say the biggest threat comes from “social engineering.” Instead of directly hacking systems, criminals manipulate people emotionally by creating fear and urgency.

When users see terms like “Income Tax Notice” or “Audit Violation,” many immediately panic and click without verifying the source. Hackers rely on this psychological pressure to make victims act quickly.

Experts also warn that these attacks can result in:

• Financial fraud
• Identity theft
• Corporate data leaks
• Banking credential theft
• Unauthorized system access

In some cases, businesses may suffer operational disruption if hackers gain control over internal systems.

How Users Can Protect Themselves

Cybersecurity professionals have advised users to stay cautious while opening tax-related emails, especially during the ITR filing season. Some important safety measures include:

Verify Every Email Carefully

Always check the sender’s email address properly. Government departments usually use official domains and do not ask users to download suspicious files through random links.

Avoid Downloading Unknown Attachments

Never open ZIP, EXE, or unknown document files received through unexpected emails.

Use Updated Antivirus Software

Install reliable cybersecurity protection with real-time threat monitoring to block suspicious downloads automatically.

Enable Multi-Factor Authentication

Adding an extra layer of security can prevent hackers from accessing your accounts even if credentials are stolen.

Stay Alert During Tax Filing Season

Cybercriminals become more active during financial deadlines because people are more likely to trust tax-related communication.

Digital Awareness Is Becoming More Important

Experts believe cyber fraud involving fake government notices may continue to rise in the coming years. As online financial activity increases, scammers are using increasingly sophisticated methods to target ordinary users as well as businesses.

Cybersecurity firms say awareness remains the strongest defense. Users are advised to avoid clicking on links or downloading files from unknown emails without verification. A single careless click can expose sensitive personal and financial data to cybercriminals.

With digital fraud evolving rapidly, staying informed and cautious has now become just as important as using strong passwords or antivirus protection.