Criminals Impersonating Income Tax Collection Agencies

Uploaded on 2016-02-02 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cybercriminals are targeting India, US and other countries with fraudulent "tax deduction" emails to steal information, security software firm Symantec said.

"During the last 3 months, Symantec has observed malicious emails claiming to be from India's Income Tax Department. The report shows 43 percent of these scam emails were delivered in India, followed by the US (20 percent), and the UK (14 percent)," Symantec Senior Security Response Manager Satnam Narang told PTI.

He added that there have been at least two types of emails in circulation - one that claims that thousands of rupees have been deducted from the recipient's bank account as a tax payment and the other copies the template of an actual intimation sent by the IT-Department.

Narang said the activity could grow further towards the closing of the financial year as people file their income and other taxes.

"While each email differs in its template, the goal is the same: to infect computers with an information-stealing Trojan that logs keystrokes. It also collects system information like titles of open windows and the operating system version that is sent back to attacker command and control server," he said.

The mails stating that money has been deducted contain an attached file that claim to be a receipt for the payment.

The alleged receipts are ZIP files that contain information-stealing malware that Symantec detects as Infostealer.Donx, he said.

On the other hand, the authentic looking mail with the Personal Account Number (PAN) (used to identify taxpayers in India) contains an attached ZIP file that is not password-protected.

"Contrary to what the email claims, the ZIP file does not contain a PDF. Instead, it contains another information-stealing Trojan that Symantec detects as Trojan.Gen," Narang said.

He added that the attackers spoof the domain for email addresses belonging to the Income Tax Department of India in an effort to make the emails look more convincing.

"In India, the IT-Department does send intimation emails to taxpayers. While these emails include attachments, they are password-protected using the taxpayers' PAN and date of birth/date of incorporation. This is unique to each entity and adds credibility that the source of the email is the IT Department," he said.

Narang added that one should avoid opening suspicious looking mails and report the email to Indian Computer Emergency Response Team (CERT-In).

NDTV

« The Fourth Industrial Revolution
There Are No Laws About Using Killer Robots »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CERT.at

CERT.at

CERT.at is the Austrian national Computer Emergency Response Team.

Cast Software

Cast Software

CAST is a pioneer in Software Analysis and Measurement (SAM) to capture and quantify the reliability and security of business applications.

Assuria

Assuria

Assuria Cyber Security solutions provide protective monitoring of systems and user activity across the whole IT infrastructure.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

Applied Security (APSEC)

Applied Security (APSEC)

APSEC provides products and services in the areas of encryption, digital signature, authentication and data loss prevention.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

42Crunch

42Crunch

42Crunch provides API security testing and threat protection. We proactively test, fix and protect your APIs from development to runtime.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.

Aspiron Search

Aspiron Search

Aspiron Search is a niche-focused Cybersecurity search firm that works exclusively with venture-backed Cybersecurity firms.