Many people are receiving emails in the form of a demand notice for outstanding income tax. These emails appear to have emanated from the Income Tax (I-T) department and seem fairly genuine — at least to the lay person. A closer investigation reveals that these dangerous emails, purportedly sent through [email protected]
are not original. Worse, they contain an attachment with an executable file that may install some malware or Trojan on your system. So do not rush to click on attachments in emails that appear to have come from the tax department.
A few years ago, spamsters used to send what appeared to be an I-T tax payment challan receipt via email. Those email contained some obvious signals that revealed they were fake, spam or malicious. For example, that email for tax payment challan receipt was sent from [email protected]
email ID. Those who are careful about opening email from unknown sources would know that the I-T department and NABARD-National Bank for Agriculture and Rural Development are separate entities with completely difference functions and would have been warned.
However, this time around the fraudsters have really become smarter and hence, more dangerous. They are not only using official email IDs, but are also making the body text looks like the original communication from the tax authorities. Here they are spoofing email ID of [email protected]
For those who are discerning there are other give-aways too, but we do understand that these are small differences that a majority of people would not bother to notice or examine with care before clicking on what appears to be a government email that too from the tax department.
The mail addresses you as "Dear Taxpayer"; however, our own I-T Dept refers the taxpayer by full name like "Dear xxxxxxx xxxxxx xxxxxx" or "Mr. / Ms. / Messrs xxxxxxx xxxxxx xxxxxx".
Most importantly, the I-T department, while sending demand for outstanding tax dues, never uses words like "Notice of Outstanding Income Tax Demand to be paid" in the email. Instead, the official and authentic email says "Intimation for your AAAxxxxx0A for the AY: 2017-18". Here the AAAxxxxx0A denotes permanent account number (PAN) of the taxpayer revealing first three and last three letters.
(This is how official email looks like)
Even in the opening line, the official email mentions number of the section under which the intimation has been sent. It says, "Please find the attached communication (Intimation u/s 245 of the income tax act 1961) for PAN AAAxxxxx0A with respect to the Assessment Year 2017-18".
The spam mail, however, states "Please find attached the Reminder on Notice of Demand outstanding and to be paid for PAN xxxxxxx with respect to the return of income filed by you for the Assessment Year 2016-17." Also note, this spam mail is sent to “undisclosed recipient” or number of other people. Why would the I-T department send outstanding tax demand notice for a particular PAN number to several other people?
Most dangerous game played by the fraudsters in this mail is about digital signature. Every email communication from the I-T department is digitally signed by the designated official. It also shares a link (https://incometaxindiaefiling.gov.in/portal/downloads10-11/cpc/DigitalSignatureValidation.pdf.) to know the process of validation of digital signatures.
However, the spamsters have provided a link to "download" the file, purportedly about digital signature. This link is not from the I-T department website, but is from a third party file-sharing portal, box.com. When someone clicks on the link, it opens a page that has a file in .pif format. Many of us would assume this as a PDF file and click to download. However, it is not a PDF but a PIF or program information file. Such .pif files are executable (.exe) files and contain various information such as the path for the .exe file, how much memory to use, font size, screen colours, and size of the program's window.
One such file, command.pif, if found in your Windows-run PC or laptop means the system is infected with Nilage (Trojan) malware. So do not click on the link in the email or download and try to open such files.
Rest of the email is direct copy-paste from official email from the I-T department.
What should you do?
1. Do not reply to the suspicious email. Such social engineering tactics can be identified as these SMS and emails have errors in spelling or grammar errors. Also, the letters in the URL could be jumbled. Even if the SMS or emails came from someone you know, be wary about opening the attachment or click on links. Some malicious emails may be spoofing the sender.
2. Do not click on any links from the email. In case you have clicked the hyperlink then do not download or open the file.
3. Do not cut and paste the link from the message into your mobile device's browsers. Fraudsters can make the link look like real, but it actually redirects to different websites.
4. Use anti-virus software and a firewall for the mobile device and for every other devices used for accessing emails and keep them updated for protection against inadvertently accepting any unwanted files that gets downloaded in the SMShing, or phishing links.
Here is an advisory from the income tax department on reporting such SMS or emails...
If you receive an e-mail or find a website you think is pretending to be of income tax department, forward the e-mail or website URL to [email protected] A copy may also be forwarded to [email protected]
You may forward the message as received or provide the Internet header of the e-mail. The Internet header has additional information to help us locate the sender.
After you forward the e-mail or header information to us, delete the message.
If you receive a phishing mail not pertaining to the income tax department, forward the same to [email protected]