Cyber experts have warned Internet users about phishing scamsters who use government domain names to lure people, sending fraudulent e-mails to collect financial and personal information.
People's mailboxes are being hit by an e-mail sent from "email@example.com", informing them that a tax refund is pending with the department and can be collected by clicking a hyperlink in the mail and entering their financial and bank-related information. The Income Tax Department's website also has the address "www.incometaxindia.gov.in", which gives the scamsters' e-mail a genuine appearance and prompts people to share the information.
According to private cyber security firm XCySS, such e-mails show that the department had not properly secured its server.
Mukesh Saini, chairman of the firm, said, "It seems that the website has an open proxy domain which allows anyone to assume the name of the Income Tax Department domain and send mails from it, and it can be changed if the mandarins of the department instruct their service providers." If someone receives an e-mail or finds a website pretending to be the I-T Dept, the e-mail or website URL can be forwarded to firstname.lastname@example.org with a copy to email@example.com.
"This is a very serious mistake on the part of the I-T Dept and the service providers which are maintaining their servers. There are some settings which need to be done in the server on which the web site of the department is hosted," Saini said.
According to Saini, a former Naval commander, an open proxy can be misused by unscrupulous elements to send notices, if not phishing messages, and to make extortion attempts.