Cybercriminals are now attacking people in countries including India, the US and UK with malicious tax deduction emails which are designed to steal data. The practice was uncovered by Symantec and has apparently been going on for the past 3 months.
As per Symantec’s report, 43% of these mails were sent in India, 20% in the US and 14% in the UK. The firm’s Senior Security Response Manager Satnam Narang explains that the hacker’s modus operandi consists of sending a fake email disguised as an official one from the Indian Income Tax Department.
Two types of messages have been detected so far. One says that cash has been deducted from the recipient’s bank account as tax. This missive contains an attached ZIP file which claims to be an acknowledgment for the transaction. It’s actually an information-stealing malware called Infostealer.Donx, according to Symantec.
The other email mimics the template of a real message which is delivered by the IT Department to taxpayers in the country. These mails also contain a ZIP file which supposedly holds a PDF but is in fact another virus called Trojan.Gen, as discovered by Symantec.
Also Read: Kaspersky says India is under attack from US, Chinese, Russian cybercriminals
People can spot the difference by the checking if the attachment is password-protected. The IT-Department always protects the files sent to citizens by asking for the receiver’s PAN number and date of birth or incorporation. Narang notes that each email gets sent with the intention of stealing data by logging keystrokes.
The malware further assembles system information like the titles of open windows and the OS version and sends it back to the scammer. Instances of people getting hacked may rise as the financial year winds down and individuals begin filing their income tax. Narang advises them to avoid opening shady mails and report it to the Indian Computer Emergency Response Team (CERT-In).