Phishers taking advantage of the extended deadline for Indian taxpayers to file their income tax have cleverly thought of a way to trick customers of various banks with the same initial approach.
The deadline was extended by the Indian Central Board of Direct Taxes due to the fact that the country was hit by floods, and phishers have quickly moved and set up phishing websites pretending to be the legitimate website of the Income Tax Department, on which users could apparently compile an online tax refund request:
Symantec reports that after choosing one of the 10 Indian banks offered in the drop-down menu, the victim is redirected to another phishing page that spoofs the login page of that particular bank. Once the login credentials are entered, the victim is finally redirected to the legitimate website of the bank.
As always, users are advised not to follow links from e-mail messages before checking if the URL offered really belongs to the institution or business in question. It is advisable for everyone to type in the domain name of the business or institution whose website they want to visit directly into the address bar of the browser.