Beware – A Phishing Attack through IT Refund Message


Smishing, a variant of phishing, attacks through SMS and usually targets individuals or organizations. It imitates the identity of a legitimate organization to gain the trust of the victim.

An incident reported from a locality in Chennai involved an employee of a private firm who fell victim to a phishing attack. The employee lost Rs 1.2 lakh after he clicked on a message that claimed to offer a refund from the income tax department.

The victim was tricked with an SMS, which he received on his cell phone. The message stated that an income tax refund had accumulated in his account and that he needed to click on the link for the settlement. The SMS carried the header BZ and did not display any number. The victim clicked on the link, which directed him to what appeared to be his bank’s net banking website and asked him for his username and password. On entering the details, the victim lost Rs. 1.2 lakhs to the fraudster within a few seconds.

Our earlier blog, Malware In Fake Income Tax Emails, covered the Indian Computer Emergency Response Team (CERT-In) statement on how a phishing and malware campaign targeted individuals and financial organizations. Malware was found in emails disguised as emails from the Indian Income Tax Department.

Similarly, another victim from Purasawalkam received a notification that his income tax refund was approved and that he needed to log in to his account for further settlement. A link was sent to him to update his bank record. Suspecting the activity to be a fraud, the user deleted the message, but it was too late to prevent the fraud and he lost the money to fraudsters.

Both victims lodged phishing complaints with the Central Crime Branch of the police.

A senior police officer mentioned that earlier, such frauds used to happen through calls from fraudsters asking for an OTP on the pretext of updating Aadhaar, PAN or bank account details. “Now, they adopt a new phishing method. They just send a malicious link and swindle the money, leaving the account-holders high and dry,” the official added.

Capt. Vineet Kumar, president of Cyber Peace Foundation, said, “The attackers can send any link to anyone. This is spoofing. They send [what looks] like an official message from the Income Tax department stating that he or she is eligible for a refund.”

He added, “If the victim clicks on the links sent to their mobile or mail, there is a high possibility that malware is installed on the mobile and takes them to a fake website resembling the bank. Then a form is provided to fill details. As the phone is compromised, the hacker gets the OTP and gets the money.”

Awareness plays a key role in helping individuals and organizations secure their sensitive data. Taking the right measures against threats is crucial to preventing financial damage.

Logix Infosecurity, with its multi-layered, multi-tiered security approach, protects an enterprise from multiple threats. From cybersecurity to email security offerings, Logix's expertise lies in deploying and managing the best solutions for business enterprises with constant monitoring and support.

You can visit the Logix website to know more.
