Scam Alert – Now using Income Tax of India
Income Tax Government of India emailed me last evening. I assumed this email was a confirmation for the refund I received earlier this year, but no, this was about giving me more, an excess refund of Rs. 36,120.25 accumulated as Tax excess.
This is a scam! This is how..
Email that landed in my inbox:
At first look, the email seems genuine. It comes from an email registered with incometaxindiafiling.gov.in, it is professionally written, and the amount of Rs. 36120.25 is not high enough to raise red flags. When I first read it I believed it, but being aware of having already received my refund, I re-read it. Thanks to that, I knew that this was a case of a new con game on the internet.
Generally most scam emails stop here: you click the links in the email and they have your email and everything that they intended to have except your money. These guys however are professionals and have played the long haul in designing this. As a normal user, you should just mark the email as spam and stop right at this step. I, however, played along just to show you how this scam works!
First, how to detect if this is a scam. There is a small button near the reply button of the email, click on that and it should show you a “Show Original” option.
Click through that and you should see this:
What you are looking for is the Received: from, Return-Path, or sometimes even Reply-To header. These show the servers and addresses that were actually used to send the email. If this email had been sent from a genuine email ID, the Reply-To or Return-Path should have been another Income Tax portal email ID; on this one it is not. However, the smart thing is that they do not have a Reply-To defined, which means replying to this email will populate the same From email ID. Other scammers use an actual scam email ID so that emails (sent blindly without looking at what the To address is) do not bounce back, raising red flags.
[On this email, however, there is a "via eigbox dot net". That alone is no reason to suspect it, because there are a number of institutions using different mail servers for their email applications; my company uses the services of Google. You can use the Show Original option to also see that this email was sent using eigbox dot net.]
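The header check described above, as an added example that is not part of the original post: it parses a raw message with Python's standard `email` module and compares the From domain against Return-Path, Reply-To and the Received relay hosts. Only the From domain comes from the post; the relay host, addresses and date in the sample are constructed placeholders.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample of what "Show Original" displays. Only the From domain
# appears in the post; the relay host, addresses and date are placeholders.
RAW = """\
Return-Path: <bounce@shared-host.example>
Received: from out1.shared-host.example (out1.shared-host.example [192.0.2.10])
    by mx.recipient.example with ESMTP; Mon, 01 Jan 2024 18:00:00 +0530
From: "Income Tax Department" <refunds@incometaxindiafiling.gov.in>
To: user@recipient.example
Subject: Tax refund notification

Body omitted.
"""

def domain_of(value):
    """Lower-cased domain of the first address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def same_org(a, b):
    """Crude match: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_headers(raw):
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    report = {"from": from_dom, "flags": [], "notes": []}
    # Return-Path is the envelope sender: where bounces really go.
    rp = domain_of(msg["Return-Path"])
    if rp and not same_org(rp, from_dom):
        report["flags"].append(f"Return-Path {rp} != From {from_dom}")
    # A missing Reply-To is not proof of anything: replies go to From.
    if msg["Reply-To"] is None:
        report["notes"].append("no Reply-To; replies go to the From address")
    elif not same_org(domain_of(msg["Reply-To"]), from_dom):
        report["flags"].append(f"Reply-To {domain_of(msg['Reply-To'])} != From {from_dom}")
    # Hosts that handed the message on; a third-party relay alone is only a note.
    hosts = [m.group(1).lower() for r in msg.get_all("Received", [])
             if (m := re.match(r"from\s+(\S+)", r))]
    relays = [h for h in hosts if not same_org(h, from_dom)]
    if relays:
        report["notes"].append("relayed via " + ", ".join(relays))
    return report

if __name__ == "__main__":
    print(check_headers(RAW))
```

Entries under `flags` are mismatches worth acting on; entries under `notes` are context only, since a third-party relay or a missing Reply-To also occurs on legitimate mail.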
If you are unable to identify this as a fraud in this step itself, you will probably notice it in the next.
See how cleanly it is designed to look just like the Income Tax website of India. If you turned a blind eye to this, you are going on to their next step. You should stop as soon as you see the URL. It’s as simple as that. If you have doubts about whether this is a genuine URL, just google the original link and compare it with this one.
The scammers now want to link you to your bank account to confirm transfer of funds, select a bank: There is a choice of at least 15 banks operating in India with netbanking options. I chose HDFC Bank. The fake URL is still there!
Always be cautious whenever you are logging in to your netbanking account. Always verify that you are logging in to the correct URL. Usually all banks have a one-click login to your netbanking page to redirect consumers to the correct URLs. Some of my friends have this habit of marking the second page, the actual login page, as a favourite. This, they tell me, is to ensure they always log in to a genuine website, but if I had access to their computer (even through a network) I could design a website to look just like this and modify their saved favourite to open the fake site.
Most of the time people will fall for it, because this has become some sort of habit! By making it a habit to always enter the URL of the bank website manually, you are ensuring that you are not logging in to a different website.
HDFC has a two-step login: a user has to enter their customer ID, and the page will load back an image selected by the user along with their favorite message. How many times do we actually check that? To ensure HDFC always gets your attention, they have a check box you need to click after verifying the image to log in to your account. I haven’t done this a 100 times, because we are in the habit of entering our email IDs followed immediately by a password to log in to our email accounts. So it’s always ID first, followed by a password, which is what these scammers bank upon. Even when I was playing into the scam, I entered a fake ID and password almost immediately, to be returned with this:
I do not really have to tell you what they can do after having your login details. You might argue that they are unable to transfer funds because of 3D secure access, a middle tier where you need to enter a transfer password to transfer funds. Just to let you know, with your login they have your address and your complete bank information. They can print out statements and use them to get loans, credit cards and everything else that can be done with a bank statement.
If they can produce a fake website, they can even create fake cheques with your name and account number, pass them on. Whenever there is an investigation the police can come catch you. They could change your banking address, and phone numbers. So all of this would happen without you knowing about it. It’s a high risk affair!
I played along, but you never should. Why? They could have designed a worm that would have been downloaded to your system, sitting on your computer waiting for you to log in to something they need, and because you are connected to the internet it can easily send this information out to the scammers’ email without you knowing about it. At this point I run a risk of being affected by malware, for which I’m running an antivirus scan. My computer is also protected by the latest antivirus, which notifies me of anything and everything that gets downloaded.
A malware download is a worst-case scenario. They could also have scripts on their website to access all the information from the web browser. If you have saved passwords, they could have access to all that information. They are professionals; they could have access to virtually everything if you are unprotected. Money is only a bonus, personal information is really the thing they are after!
The only way to save yourselves from this is to not click anything that is suspicious. If you do, however, and find that it is a scam in the next step, close it, mark it as spam and delete it. Always keep the antivirus program running the latest version.
I am going to report this to all the banks, and the IT Department. The IT department seem to have already noticed this and have this to say:
On further research on the email server that sent out this email, I found this on ip-Address.com (I do not say that this information is true, it’s just something I found when I was searching for information on eigbox dot net)
Always remember Money is just a bonus, the scammers are usually after your personal information!