/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2016/01/ID-100167372.jpg)
MUMBAI, INDIA: Mails have been floating around and if Symantec has captured it right, it's a sign of grave concern.
During the last three months, Symantec has observed malicious emails claiming to be from the Income Tax Department of India. There have been at least two types of emails in circulation. While each email differs in its template, the goal is the same: to infect computers with an information-stealing Trojan that logs keystrokes.
Symantec Security Response has observed two types of emails masquerading as the Indian Income Tax Department. The most popular type announces that thousands of rupees have been deducted from the recipient’s bank account as a tax payment. The emails also contain an attached file that claims to be a receipt for the payment. The alleged receipts are ZIP files that contain information-stealing malware that Symantec detects as Infostealer.Donx.
The other type of email it observed is more detailed than the first. This is because it copies the template of an actual intimation sent by the Income Tax Department. It makes reference to the PAN, or Personal Account Number, which is used to identify taxpayers in India. The attached ZIP file is not password-protected. Contrary to what the email claims, the ZIP file does not contain a PDF. Instead, it contains another information-stealing Trojan that Symantec detects as Trojan.Gen.
What's more disconcerting is that in an effort to make the emails look more convincing, the attackers have spoofed the domain for email addresses belonging to the Income Tax Department of India.
Symantec says its telemetry showed that 43 per cent of these malicious scam emails were delivered to users in India, followed by the United States (20 per cent), and the United Kingdom (14 per cent). It also believes that the emails received outside of India are likely linked to the fact that many Indian nationals also reside in other countries.
In India, the Income Tax Department does send intimation emails to taxpayers. While these emails include attachments, they are password-protected using the taxpayer's PAN as well as the date of birth for individuals or date of incorporation for non-individuals. This information is unique to each individual or corporation and adds credibility that the source of the email is the Income Tax Department.
Symantec advises caution when receiving unsolicited emails claiming to be from the Income Tax Department of India, or any other tax office for that matter.
Some other key ways to stay safe: Do not open attachments or click on links in suspicious email messages; Ensure that your computer is fully patched and up to date and keep security software up to date with the latest definitions.