Scam with hackers masquerading as tax men

The Indian Computer Emergency Response Team (CERT-IN) has uncovered a phishing scam, wherein hackers masquerading as Income Tax officials are sending malware-laced notices to victims via email.
With the ease of access to smartphones and the internet, an increasing number of people in India are adopting online mode to avail various services such as ordering food, hailing a cab and also file income tax returns. It can be noted that the Central Board of Direct Taxes received a record 49,29, 191 e-filing of ITRs (Income Tax Returns) on August 31, the deadline to file ITR for 2019-20.

Apparently, this has attracted shady actors to prey on naive citizens. Indian cybercrime unit of CERT-In has observed a spike in fake IT notices being sent to individuals and financial institutions since September 12. It has issued warning to citizens to exercise caution when they receive any such things via email.
There are two types of emails. The first variant includes an attachment with an extension".img" which contains a malicious ".pif" file. The second variants lure the users to download malevolent ".pif" file hosted on a Sharepoint page via a link of fraudulent domain incometaxindia[.]info.
Must read | Dead Simjacker on the prowl: Any phone can be hacked
The shady ".pif" files contact a Command & Control server and drop multiple binary (.exe, .dil) files in [/Users//AppData/Local/Temp] and [/Users/AppData/Roaming] directories. The malware is capable of modifying the Windows registry and has been observed to have information-stealing capabilities. The campaign is said to be identical to "Ave-Maria" malware detected in early 2019, which was used by hackers to hoodwink the user to install an app and steal information.
Though CERT-IN has disabled the Sharepoint page and the malicious host domain, people are advised to be cautious when they receive emails on their smart devices.

Here's how to safeguard from online frauds, phishing scam, and malware:

1) Some of commonly used to subject line and contents in the fake IT notice email are “Important: Income Tax Outstanding Statements A.Y 2017-2018”, "Income Tax Statement XML PAN XXX895X.pif", "Income Tax Statment XML.img" , "Income Tax Statement XXX8957X.pif"among others.
2) Users are advised not to open documents from untrusted sources and should disable running macros in MS Office by default
3) Restrict execution of Powershell/WSCRIPT in an enterprise environment. Ensure the installation and use of the latest version of the PowerShell with enhanced logging enabled, script block logging and transcription enabled. Send the associated logs to a centralised log repository for monitoring and analysis
4) System administrators of the company are advised to enforce application whitelisting on all endpoint workstations. This will prevent droppers or unauthorised software from gaining execution on endpoints
5) Implement application whitelisting/Strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths
6) Always update your phones and PCs with the latest security updates. Google usually rolls out updates monthly, while Apple release as when they discover any vulnerability in the iOS and MacOS devices. Microsoft too does the same for Windows computers.
7) It goes without saying that everyone should have an anti-virus app on their phone and on the computer
8) Never reveal One Time Password(OTP) nor the debit/credit/CVV numbers to anybody. No bank official or even the Income Tax official ask for financial details by mail or on call or through SMS.
9) Also no IT officer or bank official or any company for that matter, ask you to install an app by sending URL links via emails
10) When you are asked to put in debit card/credit card details on a website, make sure the URL has 'https://'. If it has just http:// without the 's', kill the link
11) In case of genuine URLs, close the e-mail and go to the organisation's website directly through the browser
12) Always be wary of emails sent by unknown names, as in most cases they are fraudsters or annoying telemarketing personnel. Never reply to them, just tag them as spam and move on
13) If you download a file or get a pen drive with movies from a friend or anybody. Just to be on a safer side, scan the system with an anti-virus application. It will only take a few minutes and definitely save you from potential malware or ransomware attack. more  

While filing IT returns, the bank details are entered. If there is a refund, it will be paid directly to that account. This should be clearly publicized by the department. more  
Thanks Mr.Sridhar. We must circulate above warning news to all using social media. IT dept can also send sms to tax payers to be careful about such fraudulent activity. more  
My view is that not to fall prey to such emails or sms. As soon as they are received, please delete them immeidately from your system. Please visit income site with your used id and password to know about impending notices which can be responded/submitted there itself. more  
Correct approach. One should not rely upon even on the Online Tax Return Preparers. None should disclose his/ her income, savings and other assets to third parties (other than Income Tax department of the Govt. of India). more  
Post a Comment

Related Posts

    • 53 commonly used drugs unsafe failed quality test

      53 medicines including paracetamol failed in quality test!! Attached is the full list. Apart from vitamins, sugar and blood pressure medicines, antibiotics are also included in the list...

      By Amit Mishra
      /
    • Devices becoming bimba

      As we saw in Lebanon how pagers and walkie talkie were exploded by the israelis, devices will be used for surveillance and attacks of different kinds in the not so far future. Medical de...

      By Ruchika L Maheshwari
      /
    • AVOIDABLE TRAGEDY

      The majority of Indians are deeply spiritual, with a wide array of religious beliefs. This diversity in belief is not inherently problematic; in fact, many people seek the grace of the Almighty for...

      By Jayakumar Daniel
      /
    • Drugs that have failed quality tests

      Full list of drugs that failed quality tests. Do share with friends family so if they are taking them they find replacements or consult Doctors Cyra Tablets, Rabeprazole Sodium Tablets I...

      By Sarita Ravichandran
      /
    • Bhartiya Nyay Sanhita needs to be rolled back

      In just 15 days, from the 01st of July, the Indian law system will be turned on its head. The BNS is about to begin. Bharatiya Nyay Sanhita (BNS) gives massive powers to local...

      By Ruchika L Maheshwari
      /
    • Band-Aid causing cancer

      Cancer-causing forever chemicals found in BAND-AIDS where they can get directly into blood through open wounds, report warns Bandages from some of the most well-reputed brands, including...

      By Radha Puri
      /
    • Heatwave Alert

      All do’s and don’t issued by sarkar attached

      By Sneha Goyal
      /
    • How to know if phone security is compromised

      Important Thread: 9 Signs Your Phone’s Security Is Compromised! The phone tapping case, which has been making headlines in Telangana, has sparked concerns about the privacy and sec...

      By Garima Sharma
      /
    • Words of ex CBI director Nageshwar Rao today

      Every Indian’s Aadhar Card, PAN Card, Bank Account, Passport, Driving License, FasTag, DigiYatra, Mobile, DigiLocker, Property and Vehicle Registration, Payments, etc are all digitised and li...

      By Rajesh Suri
      /
    • WHY ARE DOGS ROAMING THE STREETS?

      It is reported that a 7 month old Baby has been mauled to death. It appears the Baby was left unattended by a Cleaning Staff. But who let the dogs out on Streets. ? Their place is in human homes a...

      By Jayakumar Daniel
      /
    • Road side assistance for auto cos during an emergency:

      Road side assistance contact numbers during an emergency: Maruti Suzuki: 1800 102 1800 Hyundai: 1800 102 4645 Tata Motors: 1800 209 8282 Mahindra: 1800 209 6006 Toyot...

      By Ruchika Mistry
      /
Share
Enter your email and mobile number and we will send you the instructions

Note - The email can sometime gets delivered to the spam folder, so the instruction will be send to your mobile as well

All My Circles
Invite to
(Maximum 500 email ids allowed.)