Indian Computer Emergency Response Team Warns about the Unsafe Income Tax Emails

Update: 2019-09-25 13:58 IST

India's government cybersecurity body, CERT (Computer Emergency Response Team), has issued a warning to Indian citizens about an unsafe online campaign of fake emails made to look as if they were sent by the Indian Income Tax Department. Because people take emails from the Income Tax Department seriously, scammers are taking advantage of this by pushing malware disguised as an email from the Income Tax Department.

Here is all that you need to know about these 'unsafe' emails.

1. These Income Tax emails carry subject lines about IT returns or statements

As per CERT, these fake emails use the subject 'Important: Income Tax Outstanding Statements A.Y 2017-2018' or 'Income Tax statement' to attract people's attention.

2. These 'unsafe Income Tax' emails started circulating from September 12

The fake income tax emails are generally sent from a domain named 'incometaxindia[.]info'.

3. Two variations of these fake emails: an attachment with the extension '.img' and a '.pif' file

CERT-In has found that two types of fake email are circulating. The first type includes an attachment with the extension ".img" which contains a malicious ".pif" file. The second type lures users into downloading a malicious ".pif" file hosted on a SharePoint page through a link on the fraudulent domain incometaxindia[.]info.
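The indicators listed so far (sender domain, subject lines, ".img"/".pif" attachments and links to the lure domain) can be checked during mail triage. The Python below is an added example, not CERT-In's tooling; the function names and the `sample()` helper, which builds constructed test messages, are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators from the CERT-In warning above; the domain is re-fanged only for matching.
LURE_DOMAIN = "incometaxindia[.]info".replace("[.]", ".")
LURE_SUBJECTS = ("income tax outstanding statements", "income tax statement")
RISKY_EXTENSIONS = (".img", ".pif")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def on_lure_domain(host):
    """True for the lure domain itself or any subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == LURE_DOMAIN or host.endswith("." + LURE_DOMAIN)

def url_host(url):
    try:
        return urlsplit(url).hostname  # ignores any user@ prefix in the URL
    except ValueError:  # malformed URL: treat as no host
        return None

def triage(raw):
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    if on_lure_domain(parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]):
        hits.append("sender-domain")
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if any(s in subject for s in LURE_SUBJECTS):
        hits.append("subject")  # weak alone: genuine tax mail uses similar wording
    for part in msg.walk():
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(RISKY_EXTENSIONS):
            hits.append("attachment:" + name)
        elif part.get_content_maintype() == "text" and not name:
            if any(on_lure_domain(url_host(u)) for u in URL_RE.findall(part.get_content())):
                hits.append("link")
    return hits

def sample(sender, subject, body, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"\0" * 16, "application", "octet-stream", filename=attachment)
    return m.as_string()
```

`triage(raw)` returns a list such as `['sender-domain', 'subject', 'attachment:statement.img']`; an empty list means none of the indicators above matched.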

4. CERT-In warns the emails are aimed at stealing personal information

As per CERT-In, the malicious attachments containing ".pif" files contact a command-and-control server to modify the Windows registry and try to steal the user's personal information.

5. The campaign is like the "Ave-Maria" malware

This campaign is unsafe because it matches the "Ave-Maria" malware. That malware came with a DLL hijacking ability that allowed it to gain advanced admin access and bypass traditional detection methods. It can also secretly download other plugins and malicious content.

6. It is highly recommended not to open documents from untrusted emails and to disable macros in MS Office by default

7. CERT-In suggests that businesses make these changes to prevent unauthorised access
