Criminals Impersonating Income Tax Collection Agencies

Cybercriminals are targeting India, the US and other countries with fraudulent "tax deduction" emails to steal information, security software firm Symantec said.

"During the last 3 months, Symantec has observed malicious emails claiming to be from India's Income Tax Department. The report shows 43 percent of these scam emails were delivered in India, followed by the US (20 percent), and the UK (14 percent)," Symantec Senior Security Response Manager Satnam Narang told PTI.

He added that at least two types of email are in circulation: one claims that thousands of rupees have been deducted from the recipient's bank account as a tax payment, and the other copies the template of an actual intimation sent by the IT-Department.

Narang said the activity could grow further towards the closing of the financial year as people file their income and other taxes.

"While each email differs in its template, the goal is the same: to infect computers with an information-stealing Trojan that logs keystrokes. It also collects system information like titles of open windows and the operating system version that is sent back to the attacker's command and control server," he said.

The emails stating that money has been deducted contain an attached file that claims to be a receipt for the payment.

The alleged receipts are ZIP files that contain information-stealing malware that Symantec detects as Infostealer.Donx, he said.

On the other hand, the authentic-looking email with the Personal Account Number (PAN) (used to identify taxpayers in India) contains an attached ZIP file that is not password-protected.

"Contrary to what the email claims, the ZIP file does not contain a PDF. Instead, it contains another information-stealing Trojan that Symantec detects as Trojan.Gen," Narang said.

He added that the attackers spoof the domain for email addresses belonging to the Income Tax Department of India in an effort to make the emails look more convincing.

"In India, the IT-Department does send intimation emails to taxpayers. While these emails include attachments, they are password-protected using the taxpayers' PAN and date of birth/date of incorporation. This is unique to each entity and adds credibility that the source of the email is the IT Department," he said.
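The two differences described above (a ZIP that is not password-protected, and a ZIP whose contents are not the PDF the email promises) can be checked on a quarantined attachment without extracting it. The following Python sketch is an added example, not code from Symantec or the Income Tax Department; the function names, reason codes and extension list are assumptions, and a password-protected ZIP is consistent with the genuine format but is not proof of authenticity.

```python
import io
import os
import zipfile

PDF_MAGIC = b"%PDF-"
# Assumed (not from the article) list of extensions Windows treats as runnable.
RUNNABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}

def triage_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) pairs where the ZIP departs from the genuine format."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", "bad-zip")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Bit 0 of the general-purpose flags marks an encrypted member.
            if not info.flag_bits & 0x1:
                findings.append((name, "no-password"))
                with zf.open(info) as member:
                    head = member.read(len(PDF_MAGIC))
                if head.startswith(b"MZ"):
                    findings.append((name, "mz-content"))
                elif head != PDF_MAGIC:
                    findings.append((name, "not-pdf"))
            # Member names normally stay readable in a password-protected ZIP,
            # so the final extension (e.g. "x.pdf.exe") can be checked either way.
            if os.path.splitext(name.lower())[1] in RUNNABLE_EXTS:
                findings.append((name, "runnable-extension"))
    return findings

def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an unencrypted in-memory ZIP; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: harmless bytes with an MZ prefix under a double extension.
    sample = build_zip({"Tax_Receipt.pdf.exe": b"MZ" + b"\x00" * 32})
    for member, reason in triage_zip_attachment(sample):
        print(f"{member}: {reason}")
```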

Narang added that one should avoid opening suspicious-looking emails and should report them to the Indian Computer Emergency Response Team (CERT-In).

NDTV
