Just a quick warning to folks reading this that there’s a Phishing email doing that looks like it’s from the Indian Tax Department is doing rounds. The email text reads
Averse that some of us have become to reading the complete text I clicked the link that took me to
and it was only when I saw the card number and card verification number that it occurred to me something’s not right here. On close examination things started to fall out of place. This page is a cleverly devised one and can make a lot of people fall for it unless they are alert enough. The right side pane have links to actual sites and the look is a complete rip off from an official site. While this might be a clever attempt it isn’t perfect and here’s why(keep this things in mind for similar situations)
1) Asking for Card Number and/or Pin: If anyone needs to transfer money to you, all they need is your name, your bank account number and branch. There isn’t any need for a credit/debit card number and pin
2) Non Clickable Icons/Links: On trying to find where various links on the sites are pointing out I realized that left pane is just an image and not an html section with actual links, the same holds true for the footer which looked genuine but is just an image
3) Generic Name: On a closer look you’ll realize that all the text from email to the web page is not being addressed to you or anyone in particular. It’s just a generic text like ‘Dear Applicant’ and a silly ‘Dear Income Tax Department of India customer’ for email
4) URL: The site URL could be a great pointer in Phishing cases and the URL here (http://indiataxrefdep.com/folder/) reveals that something isn’t right here. When was the last time you accessed a government site which had ‘folder’ in it’s url? Also, aren’t government sites on the ‘.gov.in’ domains?
5) Email Sender: It’s really important to check the sender email id of such emails(which I didn’t check in the first place to be honest). On second thoughts a quick look at the email id would have cleared all doubts, the sender email was ‘email@example.com’. Yes, an Income Tax Department email coming from a yahoo mail id.
These five tips should be helpful in figuring out if an email is a Phishing attempt or not. Feel free to add more points to the list.
I had written a similar post to avoid being Phished on Facebook, you can read it here