Facebook, LinkedIn, Buzzfeed, Huffington and Instagram users we send you a considered warning! India, along with other developing economies, is seen as a soft target for cyber and economic crime criminals. The latest scams are driven by the sheer size of the population submitting tax returns and using social network sites; this enables malicious software viruses to target this considerable and largely innocent population.
People are receiving emails which claim some important information is attached and which must be checked, so they do this and the malicious software self installs a virus onto the target’s computer, laptop or phone. It then steals important information and personal data in order to secure money maybe via identity theft.
Recently Symantec, the American security giant, stated that a significant increase in email and data identity fraud had increased substantially in the last 3 months. The mails often said that amounts had been deducted from the bank account as payment for income tax and the receipt is attached. Emails are even supplying the targets PAN details giving the impression of authenticity.
We know at our Jasper Centre for Cyber and Economic Crime that the attachment would have contained malicious software that keeps track of whatever the user types or whatever website they log into – this is known as keyboard logging. It can give cyber criminals access to passwords, chat records and other sensitive information about the user.
According to Symantec, of all the fraudulent e-mails being sent in the name of India’s income tax department, 43% are being received by users based in India, 13% by those living in United Kingdom and 20% by those living in the United States of America. “The structure and template of these mails is very close to the one that the department actually sends out to taxpayers. The ID that these mails are sent from differs from the original in some minute detail only, making it very credible for the recipient.” said one Symantec spokesperson.
The spokesperson for Symantec also added, “One sure shot way to identify fake tax e-mails is that the attachments with them are not password protected, which is the case with those actually sent out from the income tax department. The one sure thing that is mentioned in the fake e-mails about the attachments is that they may require specific software to be accessed, which is actually the trap.”
These criminal are not only targeting users from India in this manner, but those from many booming economies. “India tops the list of countries whose populations are prone to these attacks. This is also because of the huge number of Indians who have started to make financial transactions, including tax payments, through digital means. Businesses are also starting to have a big digital presence. In fact, start-ups have begun to put a lot of sensitive data on the cloud. All this makes it much more important for Indians to be very cautious about cyber security.”
LinkedIn: Fake accounts identifying the user as a recruitment manager, usually using photos of women from stock image sites as display pictures. They are used to map the networks of professionals they connect with to gather their e-mail addresses, phone numbers etc. for use of their phishing scams.
Facebook: Comments made through FB profiles on websites like Buzzfeed, ESPN or Huffington Post containing malicious links.
Instagram: Fake profiles with no pictures, stolen pictures or tiles of an inappropriate picture with a caption button declaring ’18+’. They interact with users, luring them to earn commissions or intimate encounters by clicking a link which is used for phishing.
Whilst the internet is a fantastic and convenient tool for doing business, it is also fraught with danger. Our advice is – users beware and vigilant!
Please forward this information.