
Scammers now impersonating India's Income Tax Department to deliver malware

Be especially vigilant of suspicious emails during this time


The last three months have reportedly seen a rise in malicious emails claiming to be from the Income Tax Department of India, according to IT security company Symantec. This is the season when employees are generally required to revisit their computer’s income tax activity and submit proof of investments to their employers, which makes it a ripe time for scammers to capitalize on the sentiment.

There have been at least two types of emails in circulation. While each email differs in its template, the goal is the same: to infect computers with an information-stealing Trojan that logs the target computer’s keystrokes. The Trojan also collects system information such as titles of open windows and the operating system version, which are sent back to the attacker’s command and control (C&C) server.

Of the two types of emails in circulation, the more popular variant announces that thousands of rupees have been deducted from the recipient’s bank account as a tax payment. The emails also contain an attached file that claims to be a receipt for the payment. The alleged receipts are ZIP files that contain information-stealing malware that Symantec detects as Infostealer.Donx (more information on the threat here.)


The second type of email observed is more detailed than the first, because it copies the template of an actual intimation sent by the Income Tax department. It makes reference to the PAN, or Personal Account Number, which is used to identify taxpayers in India. The attached ZIP file is not password-protected. Contrary to what the email claims, the ZIP file does not contain a PDF. Instead, it contains another information-stealing Trojan that Symantec detects as Trojan.Gen (more information on this threat here.)

Further, to make the emails appear more convincing, the attackers spoof sender addresses on domains belonging to the Income Tax Department of India. Some examples of the email addresses seen include:

- admin-dept[@]incometax.gov.in
- cpc[@]incometax.gov.in
- admin[@]incometax.gov.in
- efilingwebmanager[@]incometax.gov.in
- intimationz[@]cpc.gov.in
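
Both traits described above (a sender address on a tax-department domain that does not authenticate, and a ZIP attachment whose contents are not the promised PDF) can be checked at a mail gateway. The sketch below is an added example, not code from Symantec or the original article; the function names, the sample message and the reliance on a gateway-written `Authentication-Results` header are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Domains that appear in the spoofed sender addresses listed above.
WATCHED_DOMAINS = {"incometax.gov.in", "cpc.gov.in"}

def non_pdf_members(zip_bytes):
    """Names of ZIP members whose content does not start with the PDF magic bytes."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:  # read the header only, never the whole member
                if fh.read(5) != b"%PDF-":
                    bad.append(info.filename)
    return bad

def triage(raw):
    """Reasons to quarantine a raw message; an empty list means none were found."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    # Assumption: the receiving gateway strips inbound Authentication-Results
    # headers and writes its own DMARC verdict (RFC 8601).
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    if domain in WATCHED_DOMAINS and "dmarc=pass" not in auth:
        reasons.append(f"sender domain {domain} not DMARC-authenticated")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            for name in non_pdf_members(data):
                reasons.append(f"{part.get_filename()}: member {name!r} is not a PDF")
    return reasons

def build_sample(member_name, member_body, auth_result):
    """Constructed test message; contains no real sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_body)
    msg = EmailMessage()
    msg["From"] = "Income Tax Dept <cpc@incometax.gov.in>"
    msg["To"] = "user@example.com"
    msg["Authentication-Results"] = auth_result
    msg.set_content("Please find the PDF attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="receipt.zip")
    return msg.as_bytes()
```

Password-protected archives cannot be inspected this way and should be routed to manual review rather than delivered.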


Best practices to follow to ensure that your computer and data are protected against such attacks include:

- Not opening attachments or clicking links within suspicious email messages
- Ensuring that your computer’s operating system is fully patched and up to date
- Keeping your computer’s security software up to date with the latest definitions
