Criminals Impersonating Income Tax Collection Agencies

Uploaded on 2016-02-02 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cybercriminals are targeting India, US and other countries with fraudulent "tax deduction" emails to steal information, security software firm Symantec said.

"During the last 3 months, Symantec has observed malicious emails claiming to be from India's Income Tax Department. The report shows 43 percent of these scam emails were delivered in India, followed by the US (20 percent), and the UK (14 percent)," Symantec Senior Security Response Manager Satnam Narang told PTI.

He added that there have been at least two types of emails in circulation - one that claims that thousands of rupees have been deducted from the recipient's bank account as a tax payment and the other copies the template of an actual intimation sent by the IT-Department.

Narang said the activity could grow further towards the closing of the financial year as people file their income and other taxes.

"While each email differs in its template, the goal is the same: to infect computers with an information-stealing Trojan that logs keystrokes. It also collects system information like titles of open windows and the operating system version that is sent back to attacker command and control server," he said.

The mails stating that money has been deducted contain an attached file that claim to be a receipt for the payment.

The alleged receipts are ZIP files that contain information-stealing malware that Symantec detects as Infostealer.Donx, he said.

On the other hand, the authentic looking mail with the Personal Account Number (PAN) (used to identify taxpayers in India) contains an attached ZIP file that is not password-protected.

"Contrary to what the email claims, the ZIP file does not contain a PDF. Instead, it contains another information-stealing Trojan that Symantec detects as Trojan.Gen," Narang said.

He added that the attackers spoof the domain for email addresses belonging to the Income Tax Department of India in an effort to make the emails look more convincing.

"In India, the IT-Department does send intimation emails to taxpayers. While these emails include attachments, they are password-protected using the taxpayers' PAN and date of birth/date of incorporation. This is unique to each entity and adds credibility that the source of the email is the IT Department," he said.

Narang added that one should avoid opening suspicious looking mails and report the email to Indian Computer Emergency Response Team (CERT-In).

NDTV

« The Fourth Industrial Revolution
There Are No Laws About Using Killer Robots »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

CERT Tonga

CERT Tonga

CERT Tonga is the national Computer Emergency Response Team for Tonga.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

Swascan

Swascan

Swascan is the first all-in-one, GDPR Compliant, Cloud Security Suite Platform. GDPR Assessment, Web Application Scan, Network Scan, Code Review.

MythX

MythX

MythX is the premier security analysis service for Ethereum smart contracts.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.

DHCO IT

DHCO IT

The DHCO IT team are experts in IT support, cyber security, cloud support and disaster recovery, and are Microsoft 365 partners.

Cyber Security Global

Cyber Security Global

Cyber Security Global is a leader in electronic security, consultancy, technology, cybersecurity solutions, training, and specialized products.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.

ALSO Group

ALSO Group

ALSO is one of the leading technology providers for the ICT industry currently active in 31 countries in Europe and in many countries worldwide via PaaS (Platform as a Service) partners.

Cyberus

Cyberus

Cyberus brings together industry, business, and government to collaboratively create a secure digital future for Russia and the world.