There is no free lunch. Be careful if someone tries to offer you free money, even if it’s in the name of income tax refund. Read on to learn more about one of the latest phishing attacks and protect your sensitive data.
One of the most popular tactics of scammers is to woo potential victims by offering to donate money. And when the money is seen to be given by a government agency, it seems more tempting. This is exactly what is done via a Trojan horse malware attack where the victims are promised an income tax refund.
During this process, hackers steal your banking information, hack your phone, and gain access to your banking network.
The Ministry of Electronics and Information Technology (MEITY) has warned that customers of 27 banks have already been victims of this phishing attack.
How it works?
First, the phishing website sends an SMS link masquerading as the tax service website. Victims are then asked to fill in some personal information before receiving a file to download which would complete the verification process.
Once the application is opened, the victim is asked to allow access to SMS, call logs and contacts. Even if the victim does not give permission, the form asks for data such as name, PAN, cell phone number, Aadhaar, address, date of birth, debit card number, PIN code, CVV, bank account number, e-mail address, IFSC code.
Once this information is entered, the victim is informed that there is a pending refund that could be sent directly to the bank account.
Then when the victim clicks “forward”, an error is displayed and asks the user to update. While the fake update screen is displayed, the malware in the backend sends user details to the hacker’s system.
Now, the real damage occurs at this point when the hacker generates the bank-specific mobile banking screen and displays it on the user’s device. The user is then prompted to enter the mobile banking information that the attacker captures.
What can you do?
This was brought to the attention of MEITY’s Computer Emergency Response Team (CERT) who informed users of the existence of this malware and warned them against the hacker trap.
The malware is believed to be Drinik which in 2016 came about as an SMS thief and then evolved into a Trojan horse that tricks users into sharing important banking information.
And if a customer receives such a suspicious link, they should report it to [email protected]
Caution should be exercised before downloading suspicious links. And remember that any link and mail from a government agency ideally has “gov.in” in the URL.
How to protect yourself from a phishing attack?
1. All government communication is sent from official websites which invariably have gov.in.
2. Never trust a website that makes arbitrary claims like free offers, refunds, cash backs at the expense of sharing your data.
3. Whatever the purpose, you must not share your CVV number, PIN code, etc.
4. If a web or text link or claims made in the link appear suspicious, exercise caution and educate yourself about it.
5. If in doubt, report the incident to [email protected]
Never miss a story! Stay connected and informed with Mint. Download our app now !!