The IT Department recently encountered a new fake income tax refund message scam. When we analysed the scam further, we found that it is a phishing scam. The message arrives on a user's phone and asks them to click on a link. Once the user clicks the link, it leads them to a portal that is a mirror image of the State Bank of India portal. The portal then asks them to enter details such as PAN number, full name, communication address, pincode, and mobile number. I have posted the screenshot below.
Yesterday, I also got a mail from the Income Tax Department of India (the real one). In the mail, they explain this scam and ask me not to fall prey to any scam of this kind. Moreover, the IT Department of India also posted a tweet about this scam alert, dated December 13.
Now, coming to the analysis of this scam: a Twitter user analysed the whole scam process in detail. The scam starts with a message containing a bit.ly shortened link, as in the screenshot below.
As we can clearly see, the message asks the user to click on the link, which leads them to a further URL. That URL (the portal) looks exactly like the State Bank of India site, and it in turn asks the user for the other details we mentioned earlier in the post.
When Kartik reverse engineered this shortened URL, he found that it belongs to a Russian domain, i.e. http://erruza.ru. Analysing further, he found a total of 4,028 link clicks on that shortened URL.
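The chain described above (SMS, bit.ly link, look-alike portal on an unrelated domain) can be checked mechanically when triaging a reported message. The following is an added example, not code from the post or from the researcher: the SMS text, the short code `EXAMPLE`, the shortener list, the list of official hosts and all function names are assumptions, and the redirect map stands in for `Location` headers recorded by a sandbox.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch, not taken from the post:
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
OFFICIAL = {"incometax.gov.in", "sbi.co.in", "onlinesbi.sbi"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_official(host):
    # Exact match or a true subdomain; "sbi.co.in.evil.ru" must not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def landing_url(url, recorded, max_hops=10):
    """Follow recorded Location headers; stop on loops or long chains."""
    seen = []
    while url in recorded and url not in seen and len(seen) < max_hops:
        seen.append(url)
        url = recorded[url]
    return url

def triage(message, recorded):
    findings = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:)!?")  # drop sentence punctuation
        final = landing_url(url, recorded)
        reasons = []
        if host_of(url) in SHORTENERS:
            reasons.append("shortened link hides destination")
        if not is_official(host_of(final)):
            reasons.append("lands on non-official host " + host_of(final))
        if urlsplit(final).scheme != "https":
            reasons.append("landing page is not HTTPS")
        findings.append({"link": url, "landing": final, "reasons": reasons})
    return findings

# Constructed sample: the SMS text and short code are placeholders; the
# landing URL is the one named in the post.
SAMPLE_SMS = ("Dear taxpayer, your income tax refund is approved. "
              "Submit your details at https://bit.ly/EXAMPLE.")
SAMPLE_REDIRECTS = {"https://bit.ly/EXAMPLE": "http://erruza.ru"}

if __name__ == "__main__":
    for f in triage(SAMPLE_SMS, SAMPLE_REDIRECTS):
        print(f["link"], "->", f["landing"], f["reasons"])
```

The subdomain check matters because look-alike portals often embed the real brand name inside a longer hostname.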