That Refund Message Is Probably a Trap: 7 Checks Before You Tap
The message looks helpful. Your income-tax refund is pending. Your FASTag refund is ready. Your order refund needs one last verification. The link looks official enough, the amount feels believable, and the deadline is always urgent. That is exactly why the scam works.
Refund phishing has become one of the most believable fraud formats in India because it starts with something real. People do wait for tax refunds. FASTag wallets do get recharged and corrected. Food, shopping, travel, courier, and utility refunds are common enough that a random message can land at exactly the wrong moment.
Recent reporting in February 2026 described taxpayers losing money after clicking fake refund-delay messages that copied the look of the Income Tax e-filing portal. Moneycontrol also reported a wider wave of messages exploiting income-tax refunds, 8th Pay Commission curiosity, and FASTag services. The pattern is consistent: a believable promise, an urgent link, a fake page, and a request for PAN details, bank information, login credentials, OTPs, or a small "verification" payment.
The rule to remember: a real refund does not need your UPI PIN, card CVV, net-banking password, remote-access app, or OTP sent to a stranger. If the message asks for any of those, treat it as fraud.
1. Do not trust the link just because the topic is real
Scammers copy the moment, not just the brand. Around tax season, they send income-tax refund alerts. Around toll changes, they send FASTag messages. After a delayed order, they pose as delivery support. The timing can feel personal even when the message was blasted to thousands of numbers. A real topic does not make a random link safe.
2. Type the official site yourself
If the message says your tax refund is pending, open the Income Tax e-filing portal by typing the address yourself or using a bookmark. If it mentions FASTag, check through your bank, issuer app, or an official NHAI-linked service. If it mentions an order, open the company's app and go to that order's support flow. Do not use the link in the message to "save time."
3. Watch for fake verification language
Refund scams rarely say "send me money" at the start. They say "verify account," "update KYC," "confirm PAN," "release refund," "avoid cancellation," or "complete pending process." The page may ask for details a real agency already has. That is the tell. If a refund page asks for your password, OTP, full card details, or UPI PIN, close it.
4. A QR code cannot send you money
RBI's digital safety material has warned about QR-code tricks for years. In everyday UPI use, scanning a QR code is how you send money to someone else. It is not how you receive a refund. If a caller, WhatsApp contact, or fake support page says "scan this QR to receive your refund," the next screen is trying to debit your account.
5. Be suspicious of tiny test payments
Some refund scams ask for ₹1, ₹5, or ₹10 to "validate" your bank account. That small number is meant to make the step feel harmless. The real danger is the page or collect request behind it. You may be approving a larger debit, a mandate, or a credential handoff. A genuine refund should not require you to pay first.
6. Check the sender, but do not stop there
A strange mobile number, shortened URL, misspelled domain, or WhatsApp message from a "refund officer" is obviously suspicious. But some scams use sender names, copied logos, and pages that look polished. The stronger check is behavioral: does the message push urgency, secrecy, credential sharing, remote access, QR scanning, APK downloads, or an OTP? If yes, it fails.
7. Report before more people click
If you received the message but did not lose money, report the suspicious link or WhatsApp/SMS communication on Sanchar Saathi Chakshu. The portal says suspected web links and fraud communications should be reported within 30 days for action. If money was debited, call 1930 and file at cybercrime.gov.in immediately. Save the message, sender number, URL, screenshots, and transaction references.
Why this matters for FakeOut
Refund phishing is a good reminder that suspicious content is not always a deepfake. Sometimes it is a plain SMS, a WhatsApp forward, a screenshot, or a link that arrives when you are tired, busy, or expecting money. The hard part is not knowing every scam in advance. The hard part is pausing long enough to check before the next tap.
FakeOut is being built for that pause. Drop in the suspicious message, link, screenshot, or claim before you trust it, click it, forward it, or pay because of it. The goal is simple: make the second opinion easier to get than the scam is to believe.
References
- →Financial Express: Fake income-tax refund message case, February 2026
- →Moneycontrol: Tax refund, FASTag, and salary-update scam wave
- →PIB: Income Tax Department warning on fraudulent refund emails and SMS
- →RBI: Be(A)ware booklet on digital payment fraud and QR-code scams
- →Sanchar Saathi Chakshu: Report suspected fraud communication and web links