You've probably just gotten past the entire hassle of filing your yearly IT returns, so of course you'd be upset if the Income Tax Department emails you with an issue to fix. But don't skim past it: that email may actually be someone trying to steal your money.
The Indian Computer Emergency Response Team (CERT-In), which is our national watchdog for cybersecurity events, has just announced a new hacking campaign. As it turns out, they've uncovered fake emails purportedly sent by the Income Tax Department that are in fact loaded with malware.
Pretending to be emails from the body with which you filed your IT returns, the malware has been prowling through Indian cyberspace for two weeks, they said.
"A phishing and malware campaign is active since at least September 12 and is targeting individuals as well as financial organisations," CERT-In said in an advisory notice. "The campaign involves fake emails purporting to be sent from Indian Income Tax Department."
In this case, the scammers are counting on you being paranoid about losing money on your taxes, and therefore clicking any link they send you. Either that, or that you'd be too fed up with the paperwork to bother looking too closely at the links you're visiting.
Phishing attempts often try to trick you into going to a fake web page, made to look like the real thing, and asking you to log in. That way hackers can steal your login details and passwords directly from you. In this case, it looks like the scam might involve both phishing as well as the spread of malware.
According to the advisory, at least two variants of the email have been spotted circulating. One includes an attachment with a ".img" extension, inside which is a malicious ".pif" file. The second meanwhile tries to trick the user into downloading said malicious ".pif" file from a fraudulent page, incometaxindia.info, pretending to be a tax department website.
CERT-In says the fraudulent domain has now been disabled, so you're safe on that front. However, if you've already downloaded the malware, you'll want to perform a scan immediately, or get someone more knowledgeable to do it for you. You can find the files you need to be purging here (click the appropriate link in the right-hand column).
And in future, there are a few easy steps you can take to not be hoodwinked by scammers:
- If you receive an email from a source you don't know, first scan the sender ID. If it doesn't match any official documentation (which you should be able to find online with a quick Google search), that's your first red flag.
- Check for glaring grammatical errors, which are fairly common in phishing emails in English that originate in India. If there's something wrong, you can bet your salary it's a scam.
- If you're unsure about an email or its sender, don't open any attachments it has. You might think you can just take a look-see, but it's possible for a file to download or run in the background without you even knowing it.
- Most importantly, never ever click on a URL in an unsolicited e-mail, especially if it's shortened. You're better off opening up your browser and manually navigating to the proposed link instead.
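The checks above, applied to the two email variants CERT-In describes, can be automated at a mail gateway or in an analyst's triage script. The following is an added example, not code from CERT-In or the original article; the official-domain allow-list, the shortener list, the `triage` and `constructed_sample` names, and all sample senders are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example, not taken from the advisory: the official-domain
# allow-list and the shortener list. Adjust both for your own mail flow.
OFFICIAL = {"incometax.gov.in", "incometaxindia.gov.in"}
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
RISKY_EXTS = (".img", ".pif")  # file types named in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def triage(raw):
    """Return a list of red flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    claims_tax = "income tax" in f"{display} {msg.get('Subject', '')}".lower()
    if claims_tax and not is_official(domain):
        flags.append(f"sender-mismatch:{domain}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTS):
            flags.append(f"risky-attachment:{name}")
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        for url in URL_RE.findall(body):
            host = (urlparse(url).hostname or "").lower()
            if host in SHORTENERS:
                flags.append(f"shortened-url:{host}")
            elif claims_tax and not is_official(host):
                flags.append(f"lookalike-url:{host}")
    return flags

def constructed_sample(sender, body, attachment=None):
    m = EmailMessage()  # constructed test message, not a real campaign sample
    m["From"], m["Subject"] = sender, "Income Tax notice"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()
```

The domain comparison matches the whole host or a dot-separated suffix, so a lookalike such as incometaxindia.info does not pass just because it contains the department's name.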