Fraudsters never seem to rest. They have now turned their attention towards phishing using the Indian Income Tax Department’s name and branding. It is the season of tax returns in India and it is well known that people will file their income tax returns for the end of the fiscal year in India. Hence, phishers have chosen the right time to phish the market since most users will not be aware of these attacks.
Attackers are sending spam email messages with subject lines such as, “Tax Return!“ with the below body text:
_
“Dear applicant, After the last annual calculation of your fiscal activity we have determined that you are eligible a tax refund of XXX Rupees. To access the form for your tax refund please click here.”_
The link that is provided is titled “Tax Refund Online Form” and it leads to a phishing site that is a spoofed version of the Indian Tax Department site, incometaxindia.gov.in. The phishing Web page asks customers to submit their sensitive information such as personal information and bank or credit card details.
Below is a screenshot of one such phishing site:
After submitting the information the page redirects to the legitimate site of the Indian Tax Department. The domain name of the fraudulent site is hosted on U.S.-based servers.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
Caution:
- Please be very careful when handling suspicious emails and URLs that are seeking personal information.
- Do not visit any links in email messages of dubious origin or intent.
- Do not enter any of your details on these kinds of sites.
- Please use the legitimate site of http://www.incometaxindia.gov.in/ for any help regarding an income tax refund in India.