Phishing emails: IT dept sends over 100 fraud links to cyber

Certain emails recently spoofed the I-T department's identity

Taking note of the spate of phishing and cheat refund emails landing in inboxes of taxpayers, the Income Tax department has referred over 100 such instances to the country's premier cyber security agency to block these hackers lurking in the e-world.

The department is particularly worried after taxpayers recently brought to its notice certain emails which have very cleverly "spoofed the department's identity" by using almost resembling addresses to cheat gullible taxpayers over the Internet.

One such example is hackers using the email domain-- "mailto:noreply@incometaxindia.Gov.In", noreply@incometaxindia.Gov.In" to send such phishing emails.

"The department has reported over 100 phishing emails and hacking attemptsthrough fake websites and links to the Computer Emergency Response Team-India also called the CERT-In.

"The CERT-In has been informed that these emails are a serious concern for the taxpayers and the Income Tax department as this malicious assault over the Internet directly dents the taxman's efforts to effectively engage with the tax paying public in a paperless and non-adversarial manner and dissuades an individual from conducting safe e-transactions," a senior official supervising the counter operations in this domain said.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of Indian Internet domain.

The department, the official said, has asked the cyber security sleuths to specifically go behind the fraud and malicious email domains and URLs and ensure that such e-links are not able to send emails to the bonafide address of the taxpayer.

"These over 100 instances have multiple strains of fraud communications identified in them. The department is implementing all best practises to further bolster its e-services vis-a-vis dealing with taxpayers," the official said.
The phishing emails issue has become such a menace that

the Central Board of Direct Taxes (CBDT) early this month issued a statement and public advisory assuring taxpayers that it never asks them about their vital personal financial data like PIN numbers, passwords or details of credit or debit cards.

Such an advisory is also prominently posted by it on the official website of the department--http://www.Incometaxindia. gov.In, incometaxindia.Gov.In.

In cyber crime paralance, phishing denotes a cheating attempt to trick someone into clicking a malicious link in a seemingly legitimate email and subsequently trying to break through a computer's defence and fraudulently skimming away money from e-accounts.

The IT department has also adopted some globally followed best practises in its systems units which helps in automatic differentiation between a fake and an original email.

The taxman has also suggested some counter-measures for the taxpayers to check against a phishing email, which tend to seek vital details of a person and then cleverly cleans up their funds from either the bank account or debit/credit card.

It has been adviced by the department that domain names should be checked for incorrect or mis-spelt sounding variants of original IT department links, not opening any attachment, not to click on links provided in such an e-communication and usage of good anti-virus and firewall on the operating system.

Taxpayers have also been suggested to just forwardsuch emails to CERT-In on their officialmailto: id--incident@cert-in.Org.In and "id--incident@cert-in.Org. in, for proper action.