Symantec previously reported a phishing attack on the Indian Income Tax Department. Phishing emails boasting of tax refunds were sent to users in an attempt to entice citizens to enter their credentials on a bogus website. Recently, new attacks have been observed in which the phishing website states that taxes can be paid online. As the fiscal year in India draws to an end, more people are rushing to pay taxes before the deadline.
There are two types of tax payments in India; namely, TDS (Tax Deducted at Source) and TCS (Tax Collected at Source). Customers can pay their taxes using the e-payment facility that requires sensitive information, such as personal information and bank or credit card details. Below is a screenshot of the phishing page:
The phishing website has mimicked the legitimate one in order to steal customers’ sensitive information. However, the phishing page is not SSL encrypted—the legitimate page is. The attack was driven from IP-based domains hosted on servers located in the United States.
• Please be very careful when handling suspicious emails and URLs that are seeking personal information.
• Do not visit any links in email messages of dubious origin or intent.
• Do not enter any of your details on these kinds of sites.
• Please use the legitimate site of http://www.incometaxindia.gov.in/ for any help regarding an income tax refund in India.
Note: My thanks to Ashish Diwakar and Rohan Shah, the co-authors of this blog.