Cyber experts have warned Internet users of phishing scamsters who are luring people with government domain names and sending unscrupulous e-mails to collect financial and personal information. Mail boxes of people are being hit by an e-mail sent from “firstname.lastname@example.org”, informing them of a tax refund pending with the department which can be collected by entering their financial and bank-related information by clicking on a given hyperlink in the mail.
The Income Tax Department’s web link also has the address ” www.incometaxindia.gov.in.” which gives the scamsters’ email a genuine image and even prompts people to share the information.
One such mail was received by Lucknow-based Arun which read, “We have reviewed your tax fiscal payment for previous years and have resolved that you are qualified for a refund of the sum of Rs 34,120.05 which is your accumulated tax excesses. Please submit a tax refund request and allow us to process it within 10 working days.”
Arun was taken aback as he is a student. “It seemed like a fraud because being a student I don’t file any income tax returns. So how can I be eligible of a refund?”
According to private cyber security firm XCySS, such e-mails show that the department had not properly secured its server.
Mukesh Saini, chairman of the firm, said, “It seems that the website has an open proxy domain which allows anyone to assume the name of the Income Tax Department domain and send mails from it and it can be changed if the mandarins of the department instruct their service providers.”