Criminals Impersonating Income Tax Collection Agencies

Cybercriminals are targeting India, the US and other countries with fraudulent "tax deduction" emails to steal information, security software firm Symantec said.

"During the last 3 months, Symantec has observed malicious emails claiming to be from India's Income Tax Department. The report shows 43 percent of these scam emails were delivered in India, followed by the US (20 percent), and the UK (14 percent)," Symantec Senior Security Response Manager Satnam Narang told PTI.

He added that there have been at least two types of emails in circulation - one that claims that thousands of rupees have been deducted from the recipient's bank account as a tax payment and the other copies the template of an actual intimation sent by the IT-Department.

Narang said the activity could grow further towards the closing of the financial year as people file their income and other taxes.

"While each email differs in its template, the goal is the same: to infect computers with an information-stealing Trojan that logs keystrokes. It also collects system information like titles of open windows and the operating system version that is sent back to attacker command and control server," he said.

The emails stating that money has been deducted contain an attached file that claims to be a receipt for the payment.

The alleged receipts are ZIP files that contain information-stealing malware that Symantec detects as Infostealer.Donx, he said.

On the other hand, the authentic-looking email with the Personal Account Number (PAN) (used to identify taxpayers in India) contains an attached ZIP file that is not password-protected.

"Contrary to what the email claims, the ZIP file does not contain a PDF. Instead, it contains another information-stealing Trojan that Symantec detects as Trojan.Gen," Narang said.

He added that the attackers spoof the domain for email addresses belonging to the Income Tax Department of India in an effort to make the emails look more convincing.

"In India, the IT-Department does send intimation emails to taxpayers. While these emails include attachments, they are password-protected using the taxpayers' PAN and date of birth/date of incorporation. This is unique to each entity and adds credibility that the source of the email is the IT Department," he said.

Narang added that one should avoid opening suspicious-looking emails and report them to the Indian Computer Emergency Response Team (CERT-In).

NDTV
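An added example, not part of the original report or of Symantec's tooling: a Python triage check for the two attachment traits described above, a ZIP that is not password-protected and whose entries are not the PDF the email promises. The sample archives and file names are constructed for illustration, and a password-protected archive is reported only as unverifiable, not as genuine.

```python
import io
import zipfile

PDF_MAGIC = b"%PDF-"
ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is password-protected


def triage_zip(data: bytes) -> dict:
    """Sort the entries of a ZIP attachment by what can be verified without a password."""
    report = {"encrypted": [], "pdf": [], "not_pdf": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & ENCRYPTED:
                report["encrypted"].append(info.filename)  # content unreadable here
                continue
            with zf.open(info) as fh:
                head = fh.read(len(PDF_MAGIC))
            # Trust the leading bytes, not the extension the sender chose.
            report["pdf" if head == PDF_MAGIC else "not_pdf"].append(info.filename)
    return report


def findings(report: dict) -> list:
    """Turn the report into analyst-facing findings for a claimed tax intimation."""
    out = []
    if not report["encrypted"]:
        out.append("archive is not password-protected")
    out += [f"entry is not a PDF: {name}" for name in report["not_pdf"]]
    if report["encrypted"]:
        out.append("encrypted entries need the password before content can be checked")
    return out


def build_sample(entries: dict) -> bytes:
    """Build a constructed in-memory ZIP from {filename: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a disguised executable stub and a real PDF header.
    lure = build_sample({"Intimation.pdf": b"MZ\x90\x00 constructed stub"})
    benign = build_sample({"notice.pdf": b"%PDF-1.4\n% constructed\n"})
    for label, blob in (("lure", lure), ("benign", benign)):
        print(label, findings(triage_zip(blob)))
```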
