If you are also planning to file ITR and get refund, then be careful because cyber thugs are now planning to defraud you through this. On Monday, a report has revealed that cyber criminals are now luring people on the pretext of income tax refund and looting them by gathering their personal information.
Cyber thugs are sending a message to the people to target themselves and in which there is talk of getting income tax refund. A link has also been given in this message, on clicking, a tax e-filing webpage is opening, which is fake. In such a situation, if a person falls into their treachery, then he may have to suffer heavy losses.
The customers of five banks are being targeted
Investigations by New Delhi’s Cyberpiece Foundation and cyber security firm Autobot Infosec have revealed that cyber thugs are targeting customers of Stat Bank of India, ICICI, HDFC, Axis Bank and Punjab National Bank. The report released by both think tanks also states that Suspicious links have been created from the US and France and clicking on it is collecting both personal and banking information which can cause huge losses to customers. is.
The whole bag is in the message
The link shared in the message does not have a domain name nor is it linked to the Government of India. The report also said that all the IPs associated with this campaign of cyber thugs are connected to a third-party cloud hosting provider. In this entire campaign, a plain http protocol is being used in place of Secure https, which means that anyone can intercept it and get the confidential information.
Wrong website opens on opening link
It asks users to download the app from third party instead of Google Play Store and the link in the message sent http: //204.44.124[.]160 / ITR, it is taken to a landing page that looks like a government income tax e-filing website.
This information will be sought after opening the link
When you open the link, when you click on the green ‘Proceed to the verification steps’ button, you will get your full name, PAN, Aadhaar number, address, PIN code, date of birth, mobile number, email address, gender, marital status and Banking information such as account number, IFSC code, card number, expiry date, CVV / CVC and card PIN will be asked. Apart from this, the bank’s name will be automatically detected by entering the IFSC code in the form.
After submitting the data, users will be redirected again to a page where they will be asked to confirm their information. After doing this they will be taken to a fake banking login page where the username and password of online banking will be asked.
Hackers are seeking permission for all things of mobile
After filling all the details, users will be asked to enter a hint question, answer, profile password and CIF number in the next step. After doing this, a mobile verification section will be found to complete the ITR verification where a certificate name will be asked to download the Android application which will be an .apk file and not you will get to download it from the App Play Store. As soon as the user downloads this app, it will ask the device to give permission to all the things.
The report said that the thugs have tried to fool all kinds of processes to fool common users so that customers do not suspect any way and get trapped. Let me tell you that you do not forget to click on any such link and do not react to such messages.