14 DAY TRIAL // Security researchers warn of a new phishing attack exploiting the tax return filing period in India, which uses fake pages for a large number of banks.
Floods in certain parts of India led the country's Central Board of Direct Taxes to extend the due date for filing income tax returns from September 30 to October 15.
According to Mathew Maniyara, a security researcher with Symantec, this decision attracted phishing attacks, which distributed links to a fake version of the Indian Income Tax Department website.
The rogue page instructed visitors to select their bank from a list of over a dozen financial institutions in order to complete the refund request.
"Once a bank was selected from the list, the customer was redirected to a phishing site spoofing the login page of the selected bank.
"After the login credentials were entered into the phishing site, the customer was redirected back to the legitimate bank’s website," Maniyara explains.
Phishing emails claiming to originate from tax collection agencies are common during the tax filing periods, especially in countries like US, UK, Canada or Australia.
However, attacks targeting so many banks at once are relatively rare, because they require more effort from attackers to pull off.
Nevertheless, in July we reported about a similar emails targeting British taxpayers and purporting to come from HM Revenue & Customs (HMRC).
The messages directed users to a fake HMRC page, which also asked them to select their bank from a list.
The attack involved phishing pages for Barclays, Lloyds TSB, Halifax, Abbey, HSBC, cahoot, RBS, egg, NatWest and Alliance Leicester.
Meanwhile, security researchers from CA also report about Indian cybercriminal gangs specializing in multi-bank phishing operations, but unrelated to tax returns.
"The emails appear very similar to each other which suggests that these emails although received at different times originate from the same source," CA researcher Akhil Menon writes.
"The phishing pages are also designed carefully by the attackers to incorporate all the essential fields that are specific to each Banks security requirements," he adds.