Indian Computer Emergency Response Team Warns About Unsafe Income Tax Emails
The Indian government's cybersecurity body, CERT-In (Indian Computer Emergency Response Team), has issued a warning to Indian citizens about an unsafe online campaign that uses fake emails made to look as if they were sent by the Indian Income Tax Department. Because people take emails from the Income Tax Department seriously, scammers are taking advantage of this by pushing malware disguised as an email from the IT department.
Here is all that you need to know about these 'unsafe' emails.
1. These Income Tax emails carry subject lines about IT returns or statements
According to CERT-In, these fake emails use the subject 'Important: Income Tax Outstanding Statements A.Y 2017-2018' or 'Income Tax statement' to attract people's attention.
2. These 'unsafe Income Tax' emails started circulating from September 12
The fake income tax emails are generally sent from a domain named 'incometaxindia[.]info.'
3. Two variations of these fake emails: an attachment with the extension '.img' and a '.pif' file
CERT-In has found that two types of fake email are being circulated. The first type includes an attachment with the extension ".img", which contains a malicious ".pif" file. The second type lures users into downloading a malicious ".pif" file hosted on a SharePoint page through a link from the fraudulent domain incometaxindia[.]info.
4. CERT-In warns that the emails are aimed at stealing personal information
According to CERT-In, the malicious attachments containing ".pif" files contact a Command and Control server to modify the Windows registry and try to steal the user's personal information.
5. The campaign is like the "Ave-Maria" malware
This campaign is unsafe because it matches the "Ave-Maria" malware, which came with a DLL hijacking ability that allowed it to gain advanced admin access and bypass traditional detection methods. This malware can also secretly download other plugins and malicious content.
6. It is highly recommended not to open documents from untrusted emails and to disable macros in MS Office by default
7. CERT-In suggests that businesses make these changes to prevent unauthorised access
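The indicators listed in points 1 to 3 (subject lines, sender domain, ".img"/".pif" attachments and ".pif" download links) can be checked automatically on incoming mail. The following is an added example, not part of the CERT-In advisory; the function names, finding labels, sample message and its "statement.pif" path are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators from the advisory text; the domain is kept defanged in source.
BAD_DOMAIN = "incometaxindia[.]info".replace("[.]", ".")
LURE_SUBJECTS = ("income tax outstanding statements", "income tax statement")
RISKY_EXTS = (".img", ".pif")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def on_bad_domain(host):
    """True for the advisory's domain or any subdomain, not for lookalikes."""
    host = (host or "").lower().rstrip(".")
    return host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN)

def triage(raw):
    """Return the list of indicators matched by one message given as text."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1]
    if on_bad_domain(sender.rpartition("@")[2]):
        findings.append("sender-domain")
    subject = str(msg.get("Subject", "")).lower()
    if any(lure in subject for lure in LURE_SUBJECTS):
        findings.append("lure-subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXTS):  # variant 1: .img (or bare .pif) attached
            findings.append("attachment:" + name)
        elif part.get_content_maintype() == "text":  # variant 2: download link
            for url in URL_RE.findall(part.get_content()):
                u = urlsplit(url)
                if on_bad_domain(u.hostname) or u.path.lower().endswith(".pif"):
                    host = (u.hostname or "").replace(".", "[.]")
                    findings.append(f"link:{host}{u.path}")
    return findings

# Constructed sample of the link variant (not a captured message).
SAMPLE = (
    f"From: Tax Notice <notice@{BAD_DOMAIN}>\n"
    "Subject: Important: Income Tax Outstanding Statements A.Y 2017-2018\n"
    "Content-Type: text/plain\n\n"
    f"Download your statement: http://{BAD_DOMAIN}/statement.pif\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty list means none of the advisory's indicators matched; it does not mean the message is safe.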