Cyber Crime Hits IT, E-Challans Sent Through Email to Users
It appears that cyber criminals are now trying to exploit the massive drive of digitization that is sweeping the country. This time they have targeted the Income Tax department. Not really the department itself but those who pay taxes.
A new email is circulating throughout India where an email is shot to people using the email ID firstname.lastname@example.org. The mail sender is shown as Income Tax Department and comes with a subject line: “Your Tax Payment of INR 70,000 is Successful”. Down in the body section is a link which prompts users to click and download the payment challan.
So, why is this email a fake one? What are the clues that give away the fraudsters? Let us take a look at them one by one.
Reason 1: The email ID
Come on! When did you see the IT department and NABARD (National Bank for Agriculture and Rural Development) work together to collect income taxes? That’s solely the responsibility of the IT department and NABARD has a completely different purpose of helping the agricultural sector of India to develop. NABARD essentially provides financial assistances to financial organizations which lend money to agricultural and rural people. NABARD has absolutely nothing to do with income tax. So, the email email@example.com is just bogus. In reality, the IT department uses the following web address: incometaxindia.gov.in and hence, any email should actually look something like firstname.lastname@example.org.
Reason 2: INR is not used by government
Go through any communication of any government organization. You will notice that all monetary values are preceded either by the new rupee symbol (₹) or by Rs. INR has never been used by the government. INR is rather used by other foreign bodies or by individuals like you and me. So, INR itself becomes a blatant giveaway of the fraudulent intentions of the email.
Reason 3: Challan is pre-payment doc and not post-payment doc
What is a challan? It is a document which is issued asking for a payment. This means that challan is issued always and always before a payment. Challans are not issued after a payment has already been made. Once a payment is made, what is issued is known as money receipt. The IT department knows this whole concept very well. So, the word challan is also a giveaway.
Reason 4: Dear Sir in the body
When the IT department sends an email, it always and always uses the full name of the concerned person. So, if a person’s name is say, ‘Amit Agarwal’ (This name is just a pure assumption and has no relation to anyone living or dead. If accidentally, this name matches that of anyone alive or dead, it is purely accidental), the IT department will start the email as:
Dear Amit Agarwal,
And not as…
Reason 5: The link in body is linked to TCRCGroup.com
Hovering the mouse on the download challan link shows the domain TCRCGroup.com. Well, that’s definitely not Income Tax Department of India. A whois probe on the domain shows that the domain is registered with Mumbai-based Compcaregroup.in and the registrant name revealed in the probe is Noopur Patel. Since the info drawn by whois probe is authentic, we can easily blame the organizations but we should not do so without investigation. May be, the cyber criminals have simply hacked their server and using it as a means of hosting the malicious software of whatever is there in the download link. A screenshot of the domain information from whois probe is given below:
Reason 6: Clicking on the download link asks to download a ZIP file
Okay, even if IT depart sends a challan (which it will never do after payment), it will send a pdf file which will not be zipped. Clicking on the download challan link downloads a zipped file. Zipped files from unknown sources cannot be trusted because they can have malware, spyware or even virus.
Reason 7: The footer has authentic links to both IT Department and NABARD
At the footer of the email, the copyright info shows IT Department’s information and the signature image is that of NABARD. Again, two bodies together make no sense and the links are actually authentic. Soessentially, authentic links are a method of hiding the true purpose of the malicious intentions.
So, if you come across this email, simply select it and hit the spam button. Save yourself some trouble and keep yourself safe from these cyber criminals who can go to any extent to get your financial information or any other crucial information.