Symantec has reported that, over the last three months, it has observed malicious emails claiming to be from the Income Tax Department of India.
The security firm saw emails that describe what appears to be a deduction from the recipient's bank account as a tax payment, with an attached file presented as a receipt for the payment. The alleged receipts are .zip files containing information-stealing malware that Symantec detects as Infostealer.Donx.
Another email template carrying an information-stealing Trojan copies the layout of an actual intimation sent by the Income Tax Department, even referencing the taxpayer's Personal Account Number (PAN).
To convince recipients, the attackers spoofed the email domain belonging to the Income Tax Department of India.
The malware delivered by these emails collects system information, such as the titles of open windows and the operating system version, and sends it back to the attacker's command and control server.
Symantec’s observation further revealed that 43 per cent of the emails were delivered to users in India, 20 per cent in the United States, and 14 per cent in the United Kingdom.
India's tax office does send emails with attachments to taxpayers, but those attachments are password-protected using the taxpayer's PAN and date of birth, whereas the attachments in the spam emails are not password-protected.
Symantec warns users to be cautious when receiving suspicious emails.
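The difference noted above (genuine attachments are password-protected, the malicious .zip receipts are not) can be checked at a mail gateway. The following is an added example, not code from Symantec or the Income Tax Department; the domain `incometax.example`, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: placeholder for the department's real sending domain, which the article does not give.
CLAIMED_DOMAIN = "incometax.example"

def zip_is_encrypted(data: bytes) -> bool:
    """True if every file entry in the archive has the ZIP encryption flag (bit 0) set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        return bool(files) and all(i.flag_bits & 0x1 for i in files)

def triage(raw: bytes) -> list[str]:
    """Return reasons to quarantine a message whose From address claims CLAIMED_DOMAIN."""
    msg = message_from_bytes(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    if not addr.lower().endswith("@" + CLAIMED_DOMAIN):
        return []  # out of scope for this check
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if not name.lower().endswith(".zip") and not payload.startswith(b"PK\x03\x04"):
            continue  # not a ZIP by name or by magic bytes
        try:
            if not zip_is_encrypted(payload):
                reasons.append(f"{name}: ZIP attachment is not password-protected")
        except zipfile.BadZipFile:
            reasons.append(f"{name}: malformed ZIP attachment")
    return reasons

def sample_message(encrypted: bool) -> bytes:
    """Constructed sample: a 'receipt' mail carrying one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("receipt.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:  # simulate protection by setting flag bit 0 in the central directory entry
        data[data.index(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["From"] = f"Tax Refunds <noreply@{CLAIMED_DOMAIN}>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Tax payment receipt"
    msg.set_content("Please find your receipt attached.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="receipt.zip")
    return msg.as_bytes()
```

An unprotected archive is a reason to quarantine and inspect, and a protected one is not proof of legitimacy, since the check only reflects the pattern Symantec described for this campaign.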