/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Security experts in Symantec has cautioned tax payers of a large scale pishing attack just when tax payers are set to file their annual returns.
Here are inputs from Ratnamala Dam Manna, Director, Security Technology and Response, Symantec:
Situation backgrounder
As per the last count, India has a tax-paying population of 31.5 million and with citizens getting increasingly prosperous and entering the tax bracket, the number is bound to increase. Furthermore the entire process has become less cumbersome for the average tax-payer since it has gone online. Add to that, the fact that India today has a burgeoning broadband penetration and a steadily increasing tech savvy population.
The popularity of online filing has increased again this year, with online filing of returns hitting a new high. No wonder then, they have entered the radar of cybercriminals.
Scammers offer you Tax Refunds
Fraudsters never seem to rest. They now have turned their attention towards phishing on the Indian Income Tax Department. It is the season of tax returns in India and it is known that people will file their income tax returns during this time of fiscal year in India. Hence, phishers have chosen the right time to phish the market as most of the users are not aware of these attacks.
Attackers send emails with subject line as “ Tax Return!“ with the below content:
“Dear applicant, After the last annual calculation of your fiscal activity we have determined that you are eligible a tax refund of XXX Rupees. To access the form for your tax refund please click here.”
There is a link as “Tax Refund Online Form” in this email that leads to a phishing site which is a spoof of the Indian Tax Department site “incometaxindia.gov.in”. The webpage ask customers to submit their sensitive information like personal information, bank and credit card details.
Below is a sample phishing site:
/ciol/media/post_attachments/76b503022565a225365086b80ee839e445577ba077312a9dd962892574a393cc.jpg "publive-image")
After submitting the information the page redirects to the legit site of Indian Tax Department. The domain name of the fraud site is hosted on US based servers.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
Caution:
* Please be careful regarding such kind of emails and URLs.
* Do not visit any links in the emails.
* Do not enter any of your details this kind of sites.
* Please use the legit site of http://www.incometaxindia.gov.in/ for any help regarding the income tax refund.