The Reveal Platform
Intel Name: Indian income tax-themed phishing campaign targets local businesses
Date of Scan: December 29, 2025
Impact: High
Summary: A recent phishing campaign targeting Indian businesses leverages Income Tax Return (ITR)–related themes to appear legitimate and trustworthy. Attackers impersonate the Indian Income Tax Department (ITD) by sending fake “Tax Compliance Review Notice” emails, exploiting public concern around refund timelines. These emails initiate a multi-stage infection chain that ultimately delivers Remote Access Trojans (RATs) or infostealer malware, enabling persistent access and data theft. The campaign highlights how seasonal tax events are abused by threat actors to increase the success rate of phishing attacks against local organizations.
