Tuesday, February 9, 2016

IT department receives phishing scam complains from thousands of victims





The Income Tax department estimates several crores have been siphoned off by scamsters who trick taxpayers into parting with bank account numbers and passwords with mails purportedly sent by I-T dept.

The income-tax department has received thousands of complaints from taxpayers duped of several crores of rupees by phishing scamsters.

While the all India figure is not quantified, the alarming situation has prompted the Central Board of Direct Taxes to issue an advisory on phishing scam in which taxpayers received mails purportedly sent by the income tax department promising huge tax refunds.

The department has received several thousand of complaints from disgruntled tax payers, especially from small towns and remote areas, who have been swindled into sharing personal information like bank accounts, pin number, passwords and credit card details.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

A senior I-T official said, "It is a nationwide fraud involving tax refunds and tax receipts by using fraudulent emails. There has been an outburst of fake emails detected claiming to be from the department."

The fraudsters are easily duping people as this is the tax-proof submission season. "We expect such cases to increase till the end of this financial year. Some of them (taxpayers) are still receiving refunds from the I-T department after having verified their returns recently."

"So far, it looks that taxpayers have lost crores of rupees by responding to such lures, and the count is increasing substantially," he said.

Such fake mails offers tax refund starts from Rs 25,000 which goes up to Rs 1 lakh.

According to the tax sleuths, the websites from where such mails are sent are orginating in Latin America and Africa.

According to the cyber crime experts, over the last three months, two types of malicious emails claiming to be from the tax department have been detected.

One mail claims thousands of rupees have been deducted from the recipient's bank account as a tax payment and contains an attached file that had a "receipt" for the payment. The receipt—a zip file named "Income Tax Receipt"—has malware, if you run them, they are key loggers which send all the information to the hackers.

The other type of email copies the template of an actual intimation sent by the I-T department and makes reference to PAN. The contain email ids such asadmin@cpc.gov.in, which the taxpayers believe to have come from the tax department. This mail asks for mobile verification and then bank account details including password and account numbers etc.

Satnam Narang, a cyber security expert tracking such phishing emails, said, "In an effort to make the emails look more convincing, the attackers have spoofed the domain for email addresses belonging to the I-T department.

"Such emails addresses are-- admin dept[@]incometax.gov.in cpc[@]incometax.gov.in , admin[@]incometax.gov.in ,efilingwebmanager[@]incometax.gov.in and intimationz[@]cpc.gov.in." he said.

dna has learnt that tax department does send intimation emails to taxpayers. While these emails include attachments, they are password-protected using the taxpayer's PAN as well as the date of birth for individuals or date of incorporation for non-individuals. The I-Tdepartment never asks for bank details. This information is unique to each individual or corporation and adds credibility that the source of the email is the department, so taxpayers should be able to differentiate between the fake and the original communication.


According to the recent cyber security report, losses from Nigerian scams aka lottery scam totaled $12.7 billion in 2013. Report says people in the US, UK, and India fell for the most scams. About 43% of these malicious scam emails were delivered to users in India, followed by the US (20%), and the UK (14 %). It is observed that the emails received outside of India are likely linked to the fact that many Indian nationals also reside in other countries. Among these, the portion of tax related malicious mail is less, but it has shown a phenomenal increase from last one year, said a cyber expert.

No comments:

Post a Comment

Search here anything you like