The Central Board of Direct Taxes of India extended the deadline for filing income tax for fy11 from September 30, 2010, to October 15, 2010, in view of difficulties caused by the recent floods in various parts of the country. The announcement was followed by phishing attacks spoofing the Indian Income Tax department’s website.
The phishing websites had “Tax Refund” as the title and contained a message that requested the customer to select from a list of 10 Indian banks to complete the refund request. Once a bank was selected from the list, the customer was redirected to a phishing site spoofing the login page of the selected bank. After the login credentials were entered into the phishing site, the customer was redirected back to the legitimate bank’s website. In this way, phishers were targeting several banks from a single phishing website. The primary motive in these phishing attempts was financial gain. The phishing sites were hosted on servers based in Mississauga, Canada.
Symantec had earlier reported a trend on phishing sites spoofing the income tax department in which the same bait of tax refund offers was used. To read more on the trend, please refer to “Scammers Offering Tax Refunds”.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links in email messages.
• Check the URL of a Web site and make sure that it belongs to the brand.
• Type the domain name of your brand’s Web site directly into your browser’s address bar rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.
Thank you to the co-author of the blog, Ashish Diwakar.