Why Tax Season Is a High-Risk Period
The tax filing season, particularly for Assessment Year 2026-27, is a period of heightened financial activity. For most individual taxpayers, the deadline is July 31, 2026. This period sees a surge in transactions, including tax payments and the anticipation
of refunds, creating a fertile ground for scammers. Fraudsters exploit the sense of urgency and the large volume of financial communications to trick individuals. They often send messages about fake refunds or create panic to make people bypass their usual security checks.
Common Scams to Watch For
Fraudsters use several tactics to exploit UPI users. One common method is the fraudulent 'Collect Request,' where they send a payment request disguised as a refund, tricking you into entering your PIN to approve a debit from your account. Another is phishing, where fake emails or SMS messages containing malicious links redirect you to websites that steal your credentials. Scammers also impersonate officials from banks or the tax department to gain your trust and solicit sensitive information like your PIN or OTP. Be wary of unsolicited QR codes, as scanning them can lead to unauthorized payments.
Your Pre-Filing UPI Security Checklist
Before you begin the tax-filing process, fortify your UPI account with these essential practices. First and foremost, never share your UPI PIN with anyone; it is only required for sending money, not receiving it. Always verify the recipient's name and UPI ID before confirming a transaction. Enable two-factor authentication and use strong, unique passwords for your banking and UPI apps. It's also wise to keep your mobile PIN different from your UPI PIN. Regularly monitor your transaction history for any unauthorized activity and ensure your UPI apps are updated to the latest version, as these often contain critical security enhancements.
Strengthening Your Digital Defences
Beyond the UPI app itself, your overall digital hygiene is crucial. Secure the mobile number and email address linked to your bank and income tax portal accounts, as these are often targets for account takeovers. Avoid using public Wi-Fi for financial transactions and download apps only from official sources like the Google Play Store or Apple App Store. The National Payments Corporation of India (NPCI) mandates that UPI apps incorporate advanced security measures, including preventing apps from running on rooted devices or those with screen-mirroring apps active. As a user, ensuring your device and apps are compliant adds another layer of protection.
What to Do If You Become a Victim
If you suspect you've been a victim of UPI fraud, swift action is critical. First, immediately report the fraudulent transaction to your UPI service provider (like Google Pay or PhonePe) and your bank. Next, call the National Cybercrime Helpline at 1930 to try and block the fund transfer. You must also file a formal complaint on the National Cybercrime Reporting Portal at cybercrime.gov.in. You can then escalate the issue with the NPCI's own dispute redressal mechanism if the issue isn't resolved by your bank or UPI app.
