Cyber crooks are on the prowl this financial year closing and are using phishing attacks and hoax-alerts to gain access to account details of individuals who have filed their Income Tax returns online, said experts.
“It is the season of income tax returns. Many people file them online. Cyber criminals use this time to launch phishing attacks through emails as many people are not aware of these things,” said Vinoo Thomas, Technical Product Manager, McAfee Labs.
“An email is sent to a number of people, saying IT refund is available. Once it is clicked, the user is directed to a website that looks like that of IT dept. And there, they ask you to disclose your personal financial details in a form.
“That information will end up with a scammer who can empty your credit card or bank account in no time,” he said.
For the financial year 2010-11, the Income Tax department has processed over 38 lakh e-filed returns.
According to cyberlaw expert, Pavan Duggal, unawareness among public and technical sophistication of the cybercrooks has led to increase in phishing attacks in recent years in India.
“People do not know that their financial details can be targeted and misused through Internet. Also, they seem unaware of the policies of financial institutions and government departments to contact their customers,” said Duggal.
What further complicates the matter, according to him is the technical sophistication of such crooks.
“If users are becoming aware of such frauds, these criminals are developing techniques to counter this awareness.
The phishing emails and web sites are made to appear exactly same as that of the original one which confuses the users,” said Duggal.
The recent examples of phishing attacks include RBI phishing scam, ICC World Cup 2011 scam and Valentine Day scams.
“Collecting e-mail addresses from spam mail vendors is not a big deal. People still mention their e-mail address openly on forums and social media networks that makes life easier for online fraudsters. People still don’t use spam filters,” said Thomas.
According to an IT official: “A number of taxpayers receive such e-mails with subjects like ‘tax refund’ and ‘seeking refunds’ during this time of the financial year. The IT department does not send e-mails regarding refunds and does not seek any personal financial information online.
“We also advise tax-payers to keep their user ID and password secure and keep changing them periodically when checking tax credit statements online,” he added.
Apart from taking precautionary steps like not divulging banking details online and not clicking on such e-mails, Duggal said there is a need for stringent law to deal with such criminals.
“This is a bailable offence, which comes under IT Act, 2000. We need to get strict on this. Our conviction rate in cyber crimes is very low, just three in last 15 years,” he said.