Indian Income Tax Phishing Site

Posted by rajivvishwa On October - 19 - 2009

Today I received a mail from the sender 'India Tax Departament' (note the misspelling) saying that I am yet to receive a tax refund amount. Since it arrived in my Gmail account, the images were not displayed by default. The first thing I did was to check the sender's email address: it was 'wnrlky@aol.com', a free-mail account that has nothing to do with any tax department. I assume this address has been used for phishing for a long time (the id resembles 'winnerlucky').

India Income Tax Phishing Mail

Then I enabled the images to check whether he had embedded any government emblems. To my surprise the emblem read 'Australian Government' :D . Maybe this kit was not targeted at Indians originally and was simply relabelled. Having established that the mail was a fraud, I read the whole of it to find the URL of interest.

The attacker had hidden the real URL behind a link shortener, http://trim.li/nk/qFW, presumably so that the recipient's mail client (Gmail in my case) never sees the phishing domain itself and does not move the mail to the Spam folder. I checked where the trimmed URL redirects to and it was http://intaxdepartamenet.com/. Short links like this should be resolved by inspecting the redirect, not by clicking them.

India Income Tax Phished Website (http://intaxdepartamenet.com/)

Most of the URLs on the phished site link to the genuine site (http://www.incometaxindia.gov.in/); the only exception is 'Tax Refund Online Form'. This is the usual pattern for a cloned page: everything that does not collect data points at the real site so the page looks and behaves right, and only the link that harvests data stays on the attacker's host. The attacker has clearly spent time recreating this site.

Compare with the screenshot of the genuine India IT site below.

India Income Tax Genuine Site (http://www.incometaxindia.gov.in/)

Clicking the 'Tax Refund Online Form' link takes us to the last stop of the journey: the credit card entry page.

Enter Credit Card and PII details

He needs the ATM PIN as well :D . No bank or tax authority ever needs your PIN to pay a refund; a form that asks for it is fraudulent by definition.
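The manual inspection above (which links leave the genuine site, where the form posts, what it asks for) can be done systematically. The following is an added example, not code from the post: the HTML is constructed to mirror the clone described here, and the file names refund.php and submit.php and the input names are assumptions.

```python
"""Audit a cloned page: link hosts, links that leave the genuine domain, and what each form asks for."""
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

CLONE_URL = "http://intaxdepartamenet.com/"          # host the clone was served from (from the post)
GENUINE_DOMAIN = "incometaxindia.gov.in"             # the site being imitated (from the post)
SENSITIVE = ("card", "cvv", "pin", "expiry", "password", "otp")   # words that mark a harvesting field

# Constructed, cut-down imitation of the clone: three links to the real site, one kept local.
CLONE_HTML = """
<a href="http://www.incometaxindia.gov.in/">Home</a>
<a href="http://www.incometaxindia.gov.in/forms">Forms</a>
<a href="http://www.incometaxindia.gov.in/contact">Contact</a>
<a href="refund.php">Tax Refund Online Form</a>
"""

# Constructed imitation of the card entry form; action and field names are assumptions.
FORM_HTML = """
<form action="submit.php" method="post">
  <input name="fullname"><input name="pan"><input name="cardnumber">
  <input name="expiry"><input name="cvv"><input name="atm_pin" type="password">
</form>
"""


class PageAudit(HTMLParser):
    """Collects absolute link targets and, per form, its action URL and input names."""

    def __init__(self, base_url):
        super().__init__()
        self.base = base_url
        self.links = []
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))   # relative hrefs resolve to the clone host
        elif tag == "form":
            self._form = {"action": urljoin(self.base, a.get("action") or ""), "fields": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form["fields"].append(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_genuine(host):
    return host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN)


def _parse(html, base_url):
    p = PageAudit(base_url)
    p.feed(html)
    return p


def link_hosts(html, base_url=CLONE_URL):
    """How many links point at each host; on a clone almost all go to the real site."""
    return Counter(host_of(u) for u in _parse(html, base_url).links)


def odd_links(html, base_url=CLONE_URL):
    """Links whose host is not the genuine site: on a clone these are the attacker's own pages."""
    return [u for u in _parse(html, base_url).links if not is_genuine(host_of(u))]


def form_findings(html, base_url=CLONE_URL):
    """For each form: the host that receives the POST and the fields that ask for card/PIN data."""
    out = []
    for f in _parse(html, base_url).forms:
        sensitive = [n for n in f["fields"] if any(w in n.lower() for w in SENSITIVE)]
        out.append({"posts_to": host_of(f["action"]), "sensitive_fields": sensitive})
    return out


if __name__ == "__main__":
    print(link_hosts(CLONE_HTML))
    print(odd_links(CLONE_HTML))
    print(form_findings(FORM_HTML))
```

Run against the saved HTML of a suspect page, the single non-genuine link and a form that posts card and PIN fields to the clone's own host are exactly the two things the post found by hand.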

The whois record for the phished site shows that the domain was created on 18-oct-2009, the day before I received the mail, and that its name servers are Yahoo's, so the site is hosted with Yahoo. A domain registered a day or two before the mail that advertises it is itself a strong phishing indicator.

Registrar:     MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Status:        clientTransferProhibited
Dates:         Created 18-oct-2009   Updated 18-oct-2009  Expires 18-oct-2010
DNS Servers:   YNS1.YAHOO.COM  YNS2.YAHOO.CO

One interesting thing to note is the domain name, intaxdepartamenet.com. I assume the attacker found it difficult to host a site whose domain name contained a blocked string such as 'department' (intaxdepartment.com was available, but he still chose a different spelling). A similar misspelling, 'Departament', appears in the sender name of the mail.
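The mail-side checks made in this post (sender address against the claimed sender, the shortener link and where it redirects, whether the final domain borrows the brand name, and how fresh that domain is according to whois) can be scripted as a triage step. The Python below is an added example, not the post's own code: the message, the whois excerpt and the redirect table are constructed to mirror what the post reports; `live_head` is the real single-hop HEAD request to use against a short link and is not exercised here.

```python
"""Offline triage of a suspected phishing mail (added example, not the post's own code)."""
import email
import email.utils
import re
import urllib.error
import urllib.request
from datetime import datetime
from email.policy import default
from urllib.parse import urljoin, urlparse

# Constructed sample modelled on the mail in the post: free-mail sender, shortener link,
# anchor text that shows the genuine site while the href goes elsewhere.
RAW_MAIL = """\
From: India Tax Departament <wnrlky@aol.com>
To: victim@gmail.com
Subject: Tax Refund Notification
Date: Mon, 19 Oct 2009 09:12:00 +0530
Content-Type: text/html; charset="utf-8"

<html><body><p>You are eligible to receive a tax refund.</p>
<p><a href="http://trim.li/nk/qFW">http://www.incometaxindia.gov.in/refund</a></p>
</body></html>
"""

# Constructed whois excerpt reproducing the registrar and creation date quoted in the post.
WHOIS_TEXT = """\
Registrar:     MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Dates:         Created 18-oct-2009   Updated 18-oct-2009  Expires 18-oct-2010
"""

GENUINE_DOMAINS = {"incometaxindia.gov.in"}
BRAND_WORDS = ("incometax", "tax")                   # words a lookalike domain would reuse
SHORTENERS = {"trim.li", "bit.ly", "tinyurl.com"}   # small illustrative list, extend as needed

# Constructed redirect table standing in for the live trim.li hop the post describes.
FAKE_REDIRECTS = {"http://trim.li/nk/qFW": (301, "http://intaxdepartamenet.com/")}


def fake_head(url):
    return FAKE_REDIRECTS.get(url, (200, None))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None   # make urlopen raise on 3xx instead of silently following it


def live_head(url):
    """One HEAD request with redirects disabled: returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        resp = opener.open(urllib.request.Request(url, method="HEAD"), timeout=10)
        return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def resolve_short_url(url, head=live_head, max_hops=5):
    """Walk Location headers one hop at a time so every intermediate host is recorded."""
    chain = [url]
    for _ in range(max_hops):
        status, location = head(chain[-1])
        if location is None or not 300 <= status < 400:
            break
        chain.append(urljoin(chain[-1], location))
    return chain


def registrable(host):
    """Crude registrable domain that knows about .gov.in; enough for the hosts in the post."""
    parts = host.lower().split(".")
    return ".".join(parts[-3:]) if parts[-2:] == ["gov", "in"] else ".".join(parts[-2:])


def looks_like_brand(domain):
    """A domain that borrows the brand word but is not a genuine domain is a lookalike."""
    return domain not in GENUINE_DOMAINS and any(w in domain for w in BRAND_WORDS)


def extract_links(msg):
    html = msg.get_body(preferencelist=("html",)).get_content()
    return re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S)


def domain_age_days(whois_text, mail_date):
    """Days between the whois 'Created' date and the mail's Date header."""
    created = re.search(r"Created\s+(\d{2}-[a-z]{3}-\d{4})", whois_text, re.I).group(1)
    return (mail_date.date() - datetime.strptime(created, "%d-%b-%Y").date()).days


def triage(raw_mail, whois_text, head=live_head):
    """Return the list of phishing indicators found in the mail and its target domain."""
    msg = email.message_from_string(raw_mail, policy=default)
    findings = []
    display, addr = email.utils.parseaddr(str(msg["From"]))
    sender_domain = registrable(addr.rsplit("@", 1)[-1])
    if "tax" in display.lower() and sender_domain not in GENUINE_DOMAINS:
        findings.append(f"sender: '{display}' sends from {sender_domain}")
    for href, text in extract_links(msg):
        href_host = urlparse(href).hostname or ""
        href_domain = registrable(href_host)
        text_host = urlparse(text.strip()).hostname
        if text_host and registrable(text_host) != href_domain:
            findings.append(f"link: text shows {text_host} but points to {href_host}")
        if href_domain in SHORTENERS:
            chain = resolve_short_url(href, head)
            href_domain = registrable(urlparse(chain[-1]).hostname or "")
            findings.append(f"link: {href_host} redirects to {href_domain}")
        if looks_like_brand(href_domain):
            findings.append(f"link: lookalike domain {href_domain}")
    mail_date = email.utils.parsedate_to_datetime(str(msg["Date"]))
    age = domain_age_days(whois_text, mail_date)
    if age < 30:
        findings.append(f"domain: registered {age} day(s) before the mail")
    return findings


if __name__ == "__main__":
    for line in triage(RAW_MAIL, WHOIS_TEXT, head=fake_head):
        print(line)
```

With the constructed input this reports five indicators: the free-mail sender behind a tax-department display name, anchor text that disagrees with its href, the shortener hop to intaxdepartamenet.com, the brand word in a non-genuine domain, and a domain one day old. For a real mail pass `head=live_head` so the shortener is resolved with a HEAD request rather than by opening the link.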

I have reported this site, but I hope no one falls into this trap before the necessary action is taken. So beware of phishing mails, and do not click any link before looking closely at the domain name it actually points to; the link text and the real target can differ.

Take a test now and check your phishing IQ: http://www.sonicwall.com/phishing/
