Taxpayers, watch out for this RBI site

Cyber criminals are using their best bait in the Indian cyber space to con more and more internet users. This time it’s in the name of the apex banking organisation of the country, the Reserve Bank of India (RBI).

Researchers at Pune’s Global Intelligence Lab of e-security giant Symantec found a phishing spam propagated in the cyber space wherein a fake website carrying RBI’s name has been created.
After the income tax department announced that the last date for sending tax returns for the present financial year has been extended to July 31, phishing sites have been created to con internet users.

The website carries the RBI logo and name and it has been mentioned on the homepage that the users will get their tax refund amount deposited into their personal bank accounts. Users are lured into putting their personal and confidential banking details on the website.

Gaurav Kanwal from Symantec said, “Symantec has been in contact with the RBI. The bank has said that emails sent in its name to customers have been observed asking for bank account details. The RBI has clarified that it has not sent any such emails and that the RBI or any bank never issues communication asking for bank account details for any purpose. The RBI has appealed to the public to not respond to such emails and not share their bank account details with anyone for any purpose.”

A list of country’s eight leading banks has been mentioned of the website. Users are asked to select the bank in which they have their accounts. They are then asked for their customer ID and PIN or the password. Assuming it to be the RBI website, users end up providing such confidential details, making themselves easy target for cyber criminals who have launched the website and extract the valuable information.

The fake website then takes the users to another webpage which asks for their credit card and/or debit card details. After users key in these details, the website displays a message acknowledging that the request for the tax refund has been submitted successfully. Users are then redirected to the real RBI website.

This is not the first time that a government institution’s site has been spoofed. Last year, during the same period, a website in the name of the income tax department had been created by cyber criminals.
To avoid phishing attacks, internet users are advised to not click on suspicious links in email messages, avoid providing any personal information when answering an email, never enter personal information in a pop-up screen and update security software frequently.