’Tis the season for filing Income Tax Returns in India! Fa la la la la la la la! To make the task easier, nowadays there are agencies that help people file their IT returns online. On 1st August 2014 one of the researchers in our lab received an email in his spam folder from an agency with the subject “Today is the last day for filing your Income Tax return”, i.e. well after the deadline of 31st of July, IST, for filing returns.
The actual message received is shown in the image below:
What caught our attention is that, on hovering over the button “File your Income-tax return Today!”, the website in the hyperlink was different from the website address the email was claiming to come from. The website that opens when you click this button asks for sensitive information such as PAN card and bank account details.
Further investigation helped to identify the websites as clean. However, it has been constantly advised by the Government of India not to carry out these kinds of sensitive activities through any unauthorized third-party websites, to avoid any unhappy situations, as explained in the following popup image from incometaxindiaefiling.gov.in, the bona fide portal through which ITRs ought to be filed:
The websites involved in such ITR-filing activities seem to be unaware of the future consequences of their ill-thought-out email campaigns to promote their businesses.
It’s a known issue that hackers are always in search of new ways to harvest private/critical information from users for their own gain. The strategies used here by the third-party agency to redirect to its own tax filing page might also be used by hackers in phishing activities to exploit GOOD RETURNS!
Let’s now look at other facets of the above email which increase suspicion levels:
- The email is not addressed to the receiver but rather to a generic “Hello [NAME]”
- Questions are to be emailed to an email domain name which appears, at first glance, to originate from outside India
No wonder this email, which by the way was received TWICE within a short span of time, ended up automatically in the spam folder.
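The three indicators discussed above (a link target that differs from the claimed sender's site, the unfilled “Hello [NAME]” greeting, and a contact address outside the .in ccTLD) can be checked mechanically. The following Python sketch is an added example, not code from K7Lab; the sample message, all domains in it, and the function and indicator names are constructed placeholders, and the ccTLD test is only the crude first-glance heuristic the post describes.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; all domains are placeholders, not those from the real email.
SAMPLE = """\
From: Tax Filing Agency <info@agency.example>
Subject: Today is the last day for filing your Income Tax return
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello [NAME],</p>
<a href="http://filing.other-site.example/start">File your Income-tax return Today!</a>
<p>Questions? <a href="mailto:help@support.example.com">Email us</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_email(raw, home_cctld=".in"):
    """Return (indicator, detail) pairs for the suspicious traits found."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    links = LinkCollector()
    links.feed(body)
    findings = []
    if re.search(r"\[\s*NAME\s*\]", body, re.I):  # unfilled mail-merge field
        findings.append(("generic-greeting", "[NAME]"))
    for href in links.hrefs:
        url = urlparse(href)
        if url.scheme == "mailto":  # contact address: first-glance ccTLD check
            host = url.path.rpartition("@")[2].lower()
            if not host.endswith(home_cctld):
                findings.append(("contact-outside-cctld", host))
        elif url.hostname and not under(url.hostname, sender):
            findings.append(("link-domain-mismatch", url.hostname))
    return findings
```

A mismatch between link and sender domains is common in legitimate bulk mail too (tracking and mailing services), so these findings are signals to weigh, as a spam filter does, rather than a verdict.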
Vivek Das
Automation Developer, K7Lab