PHISHING IN NEW WATERS
Date of Publishing: 12/01/2011
After Nigerian Frauds, Emails Imitating I-T Dept Seek Bank Details Promising Tax Returns
Mumbai: A senior insurance professional from Pune became suspicious when he received an email from the income tax department, offering him a tax refund of Rs 47,000. The email seemed beyond suspicion as it had a near-perfect imitation of the official emblem.
However, it was actually a smart attempt at phishing. The false website mirrored the original so people would be tempted to fill in personal information and banking details, thus exposing themselves to financial fraud.
What saved this recipient was his keen knowledge of the banking, insurance and income tax sectors.
"The sender informed me that I stood to earn a refund of Rs 47,000 and requested me to fill out my bank account details on the accompanying link," he says. "I was surprised because the mail arrived on my official email address which I have never submitted to the department. Moreover it is common knowledge that the I-T authorities do not send notices over email. Instead refunds are despatched directly into the taxpayer’s bank account. Any correspondence is sent to one’s residential address."
The cautious gentleman did not click on the accompanying link.
However, Mumbai trader Paras Shah opened a similar email to find a detailed web laid out for unsuspecting victims. The link he clicked upon led to a detailed grid of fake websites of over 20 of the country's leading banks both from the private and public sector. Although each website appeared similar to the original set up by the bank, the header carried odd names like patriciabento.com.
Shah was circumspect as he had been tempted to believe a similar fraud the first time he received such a letter on another email address two years ago. "The refund amount mentioned at the time was around Rs 2,000-3,000 which is normally what the I-T authorities pay me each year. Fortunately, I adhered to the common wisdom of not providing bank account details over email so I was saved. I dismissed this as the odd instance of a fraudster aiming a shot in the dark but given the frequency of such emails this seems to be a pattern," he says.
But those being impersonated wised up to the fraud a long time ago. An I-T spokesperson points to the official web site www.incometaxindia.gov.in which carries a disclaimer printed vertically in bold red. This bears an explicit warning that the department neither despatches emails regarding refunds nor requests information about the credit cards of taxpayers. "The income tax department does not send emails requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts," it reads, and urges people not to respond to such emails.
Targets of online fraud believe the authorities should investigate and punish the criminals. "Just two weeks ago the CBI web site was hacked by Pakistani elements," says the insurance expert from Pune.
"It is necessary that the National Informatics Centre, the administrator of government websites, goes through such emails with a fine comb to prevent greater damage."
I-T ADVISORY Measures you should take if you receive an email from someone claiming to be authorised by the income tax department or directing you to an I-T website:
Do not reply.
Don't open attachments, as they may contain malicious code that could infect your computer.
Don't click on links provided. If you clicked on a link in a suspicious email or phishing website, then don't enter confidential information like bank account and credit card details.
Don't cut and paste the link from the message into your browser. Phishers can make false links look like real ones but they actually send you to different websites.
Use anti-virus software, anti-spyware and a firewall and keep updating them. Some phishing emails contain software that can harm your computer or track your activities on the internet without your knowledge. Protective software can protect you from inadvertently accepting such unwanted files.
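The advisory's point that a link can display one address while pointing to another can be checked mechanically. The sketch below is an added example, not part of the original article or any I-T department tool: it flags links whose visible text shows the official domain while the real target is a different host. The sample email body, its paths and the example.net host are constructed for illustration; the official domain and the look-alike host name are the ones quoted in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "incometaxindia.gov.in"  # official site named in the article

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host):
    # Match the exact domain or a true subdomain; a substring test would
    # wrongly accept hosts such as incometaxindia.gov.in.example.net.
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def suspicious_links(html_body):
    """Return links that display the official site but point somewhere else."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if OFFICIAL_DOMAIN in text.lower() and not is_official(host):
            findings.append({"shown": text, "actual_host": host})
    return findings

# Constructed sample body (paths and the example.net host are made up).
SAMPLE_BODY = """
<p>Claim your refund of Rs 47,000:</p>
<a href="http://patriciabento.com/refund/">https://www.incometaxindia.gov.in/refund</a>
<a href="http://www.incometaxindia.gov.in.example.net/login">www.incometaxindia.gov.in</a>
<a href="https://www.incometaxindia.gov.in/">Income Tax Department</a>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_BODY))
```

The first two links are flagged; the third is not, because its target really is the official host.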
REPORT PHISHING The I-T department asks citizens to forward the suspicious email to email@example.com. A copy may be forwarded to firstname.lastname@example.org. The authorities encourage people to also send the internet header of the email. The internet header has additional information that can help them locate the sender. After you forward the email or header information, delete the message from your inbox and sent mail
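To show what the internet header adds to a report, the following added example (not from the article or the department) reads a raw header block and extracts the earliest relay address and any Return-Path or Reply-To domain that differs from the From domain. The header block is constructed: every address uses a reserved example domain or documentation IP range, and the From address is a made-up spoofed sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; not taken from a real message.
RAW_HEADERS = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP id A1; Wed, 12 Jan 2011 09:15:02 +0530
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Wed, 12 Jan 2011 09:15:00 +0530
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with ESMTP id C3; Wed, 12 Jan 2011 09:14:55 +0530
From: "Income Tax Department" <refunds@incometaxindia.gov.in>
Reply-To: claims@mailer.example.net
Subject: Tax refund notification

"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Lower-cased domain part of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def summarize_headers(raw):
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so the last one listed is
    # the earliest hop. Lines below the first relay you trust can be forged.
    hops = [IP_IN_BRACKETS.findall(h) for h in msg.get_all("Received", [])]
    earliest = hops[-1] if hops else []
    from_dom = domain_of(msg["From"])
    mismatched = {
        name: domain_of(msg[name])
        for name in ("Return-Path", "Reply-To")
        if msg[name] and domain_of(msg[name]) != from_dom
    }
    return {"from_domain": from_dom, "hop_count": len(hops),
            "earliest_hop_ip": earliest[0] if earliest else None,
            "mismatched": mismatched}

if __name__ == "__main__":
    print(summarize_headers(RAW_HEADERS))
```

None of this survives a plain "forward" of the message body, which is why the header is requested separately.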
SIMILAR FRAUDS The infamous Nigerian fraud involves criminals who send random emails to people informing them that they have won huge sums of money either by bequeathal or charity. It urges them to provide bank account details or despatch huge sums as transfer fee so the assets can be remitted to them.
WHAT IS PHISHING? Phishing is an act of online financial fraud that involves securing personal information like bank account numbers, passwords and credit card information from unsuspecting victims. The perpetrators clone websites of banks, financial institutions or sundry businesses and use them to despatch emails offering monetary benefit. At times, they solicit personal information by asking people to fill out certain forms or reconfirm passwords
How To Tell Clones The cloned websites are so similar to the original in design and logo that an untrained eye can seldom tell the difference. Besides the income tax refund fraud, which is common these days, senior management of various firms has been receiving “recruitment offers” from clone websites of Maruti Suzuki, Videocon and Coca Cola. However, typographical errors and the usual demand for security deposits via bank transactions are giveaways.