Archives

Tax refund spams are back

It’s that time of the year when people in some parts of the world are filing their tax returns, and what better time for cyber crooks to trick them into falling prey for phishing attacks via emails. India has been reported in recent malware threat reports as one of the regions with high spam activity and this blog will briefly discuss a very convincing social engineering spam I ran into recently.
I received an email in one of my email inboxes which seemed to promise me a refund of 34,000 Indian Rupees, provided I submit a request through a URL on the email [see Figure 1]. This email immediately aroused my suspicion, as I have been abroad for more than a year now and was not expecting such an email. The content of the email also seemed fairly convincing from an ordinary net user’s perspective. Sure enough, the URL was parked on a German subdomain hosted on a free hosting website. Well I am fairly certain that the Income Tax Department of India would not be hosted on a .de domain.

[Figure 1] A Regional Tax Spam Email

Interestingly, upon clicking the link, the website appears to be down, so I was unable to further investigate the extent of this social engineering attack. I am almost positive that the possible next step to this attack would be to make the unsuspecting user give up their banking information, personal identification information and contact details in the ploy of refunding this bogus amount. Such attacks may not only be targeted to steal banking details, but may also be used in identity theft. Since I have received such an email, I am fairly certain similar emails are being sent around to other people’s inboxes and perhaps with actively working phishing webpages too. So the next time you get any such communication, be sure to confirm they are genuine.

Some quick tips to keep safe from the impact of such emails:

  • Look for the Email Salutation. General purpose spam email, such as the one above, mostly will not contain your name, indicating that it is possibly a fraudulent email.
  • If an email contains any URLs recommending you to click on them, it would be a good idea to right click on the link, copy the path and then inspect it to verify if it belongs to a known and legitimate website or not.
  • Do not click on any links or divulge your personal information to any website that you do not trust or are aware of. Monitor the URL addresses to ensure you are where you are supposed to be. If in doubt, visit your tax related website independently by using a fresh browser instance.
  • Report such emails to your email providers, filtering or report-spam services, such that someone else will benefit from not getting such emails.
  • As always, keep a watch over your browsing and keep your anti-virus up-to-date.