India government has issued a public alert warning citizens about a fraudulent email circulating with the tag of the Press Information Bureau (PIB), falsely asking recipients to download an “e-PAN card”. Authorities cautioned that the message is part of a phishing attempt designed to extract sensitive financial information and urged people not to interact with such communications.
The warning was shared on social media, where the government clarified that the email is not legitimate and advised recipients to remain vigilant.
In a post on
⚠️This Email is #Fake
✅ Do not respond to any emails, links, calls & SMS asking you to share financial & sensitive information
➡ Details on reporting phishing e-mails: https://incometaxindia.gov.in/pages/report-phishing.aspx”
What the fake e-PAN email scam looks like
The fraudulent email reportedly carries the PIB label in an attempt to appear official and trustworthy. Recipients are prompted to download an electronic PAN card, a request that cybersecurity experts say is a common tactic used by attackers to lure individuals into clicking malicious links or downloading infected files.
Officials emphasized that such emails are designed to harvest personal and financial data. Once a user clicks a malicious link or opens a harmful attachment, attackers may gain access to sensitive information or infect devices with malware.
Income Tax Department’s warning on phishing emails
The Income Tax Department has reiterated that it does not request confidential financial details through email communications.
According to the department’s advisory: “The Income Tax Department does not request detailed personal information through e-mail.”
It further stated: “The Income Tax Department does not send e-mail requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.”
What is phishing and how it works
Phishing refers to cyber fraud in which attackers impersonate trusted institutions to obtain sensitive information such as usernames, passwords and credit card details.
Such attacks often arrive through emails or instant messages that appear to originate from legitimate organizations. Victims may be directed to a counterfeit website designed to resemble an official portal, where they are prompted to enter personal information.
The Income Tax Department explains: “Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”
What to do if you receive a suspicious tax-related email
Authorities have issued clear guidance for individuals who encounter emails claiming to be from the Income Tax Department or directing them to a tax-related website.
- Do not reply to suspicious emails.
- Do not open attachments, which may contain malicious software capable of infecting devices.
- Do not click on links embedded in such emails.
Avoid copying or pasting suspicious links into a web browser, as phishing links may appear genuine but redirect to fraudulent sites.
Officials also recommend keeping anti-virus, anti-spyware software and firewall protections updated, as some phishing messages contain hidden programs designed to track online activity or compromise systems.
How to report phishing emails in India
The government has urged recipients of suspicious tax-related messages to report them immediately.
If an email appears to impersonate the Income Tax Department, it can be forwarded to webmanager@incometax.gov.in. Authorities also advise sending a copy to incident@cert-in.org.in, the national cyber incident response centre.
After forwarding the message or its internet header information, users should delete the email from their inbox.
For phishing messages unrelated to the Income Tax Department, citizens can directly report them to incident@cert-in.org.in
