Fwd: Tax-Refund Notification....


Ritesh Agrawal

May 7, 2012, 1:06:54 AM
to null-...@googlegroups.com
Fishing mail from Ministry of finance ;)

---------- Forwarded message ----------
From: Income Tax Department <ref...@incometaxindia.gov.in>
Date: Mon, May 7, 2012 at 9:48 AM
Subject: Tax-Refund Notification....
To: ritesh...@gmail.com



Dear Valued Taxpayer,

We have reviewed your tax fiscal payment for previous years and have decided that you are qualified for a refund of the sum of 36,120.05 INR which is your accumulated tax surpluses. Please submit a tax refund request and allow us a period of 10(Ten) working days to have it processed.

To submit a request CLICK HERE

We appreciate taking the time to learn about our tax refund. It's one more way Income tax department can make your tax payment experience better.
Endeavor to fill in your Information accurately, to enable us remit the refunds into your account without delays.

Refund can be delayed for some reasons:
  • Applying after the deadline of notification.
  • Submitting incomplete/inaccurate account information.
Tax_Refund Department
Department 0f revenue,
Ministry 0f finance,
lndia



--

-Ritesh

Vicky Shah

May 7, 2012, 1:20:23 AM
to null-...@googlegroups.com
Correction: it's not from ministry of finance; it's of ministry of finance.
Sent from BlackBerry® on Airtel

From: Ritesh Agrawal <ritesh....@gmail.com>
Date: Mon, 7 May 2012 10:36:54 +0530
Subject: [null] Fwd: Tax-Refund Notification....
--
Get ready to Goa - nullcon Security Conference
http://nullcon.net
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/

Aniket Rastogi

May 7, 2012, 1:55:03 AM
to null-...@googlegroups.com
The link in the above mail refers to a phishing page... It must be brought down at the earliest before anyone falls con to it... The URL of the page is:

http://hanami.com.br/tools/pear/scripts/index.html?id=refund
--
Aniket Rastogi
SCIT, 2010-12
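
An added example (not part of any post in this thread): a Python check for two indicators visible in the forwarded mail, the look-alike characters in its signature ("0f", "lndia") and a link host that does not belong to the domain shown in the From header. The word list and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Look-alike characters folded to one canonical letter (applied after lowercasing).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "|": "l"})

# Assumed vocabulary: words a genuine department signature would contain.
EXPECTED_WORDS = {"of", "india", "ministry", "finance", "income", "department"}


def skeleton(word):
    """Lowercase a word and fold look-alike characters together."""
    return word.lower().translate(CONFUSABLE)


SKELETONS = {skeleton(w): w for w in EXPECTED_WORDS}


def lookalike_tokens(text):
    """Return (token, intended_word) pairs where a token imitates an expected word."""
    hits = []
    for token in re.findall(r"[A-Za-z0-9|]+", text):
        intended = SKELETONS.get(skeleton(token))
        # Same skeleton but different spelling means a character was swapped.
        if intended and token.lower() != intended:
            hits.append((token, intended))
    return hits


def link_matches_sender(sender, url):
    """True if the link host is the sender's domain or a subdomain of it."""
    domain = sender.rpartition("@")[2].lower()
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


# Values copied from the thread; the sender address is as the list archive shows it.
SENDER = "ref...@incometaxindia.gov.in"
LINK = "http://hanami.com.br/tools/pear/scripts/index.html?id=refund"
SIGNATURE = "Tax_Refund Department\nDepartment 0f revenue,\nMinistry 0f finance,\nlndia"

if __name__ == "__main__":
    print(lookalike_tokens(SIGNATURE))
    print(link_matches_sender(SENDER, LINK))
```

A From header can be set to any value by the sender, so a genuine-looking domain there says nothing on its own; the mismatch with the link host is the useful signal.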

$kalyan$

May 7, 2012, 12:00:27 PM
to null-...@googlegroups.com
Phishing scam. Stay away.

If you are getting any scam mail related to Income Tax India, forward it to phis...@incometaxindia.gov.in, and if you are getting any scam mail related to India gov, forward it to inci...@cert-in.org.in

Regards
Kalyan

Prajwal Panchmahalkar

May 7, 2012, 12:20:14 PM
to null-...@googlegroups.com
Does India have a tax refund system online??

Sent from my iPhone
--

kalyan

May 8, 2012, 3:13:04 AM
to null-...@googlegroups.com

Aman Gujar

May 8, 2012, 4:20:13 AM
to null-...@googlegroups.com
Reported And Blocked the URL :D

Venk Deshpande

Jul 5, 2012, 7:46:18 AM
to null-...@googlegroups.com
This is not a genuine email... it is a phishing email.

Just getting the email will not make you lose the Rs. 34000. You might have clicked on the phishing link and entered your bank credentials.

http://en.wikipedia.org/wiki/Phishing

Click on the main site of IT: http://incometaxindia.gov.in/

it states....

The Income Tax Department NEVER asks for your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts through e-mail.

The Income Tax Department appeals to taxpayers NOT to respond to such e-mails and NOT to share information relating to their credit card, bank and other financial accounts.

.....

/V


On Thu, Jul 5, 2012 at 4:44 PM, rk <rk.w...@gmail.com> wrote:
I also get this mail, after that in my bank Rs. 34000 amount is missing

--
Get ready for the Dilli Shakedown!
nullcon security conference Delhi Sept 26-29th 2012

Rajesh A.

Jul 5, 2012, 8:07:22 AM
to null-...@googlegroups.com
How is the money missing? Have you given any details in the phishing page?

R@J


On Thu, Jul 5, 2012 at 4:44 PM, rk <rk.w...@gmail.com> wrote:
I also get this mail, after that in my bank Rs. 34000 amount is missing

On Monday, May 7, 2012 10:36:54 AM UTC+5:30, Ritesh wrote:

--

Shankar Shrivats

Jul 11, 2012, 4:14:34 AM
to null-...@googlegroups.com
Sir, it would be much more helpful if you could elucidate what steps you took after you received the phishing mail.
1. Did you click on the link?? If so, did you provide your credentials like username and password in the page that showed up??

2. If not, then were you logged into the SBI Banking website at the time you clicked on the link provided??

It could be a CSRF (http://en.wikipedia.org/wiki/Cross-site_request_forgery) attack or just a normal phishing link in which you provided your sbi credentials.

The time of the repeated withdrawals will be helpful too as you can see whether there was any time delay in the consecutive withdrawals or not. (Which could reflect a Request Replay done using the CSRF vulnerability)

I am saying these things because other similar customers might also be at risk if there is a serious vulnerability.

What is the bank's response to your issue??
Are they doing any investigation into it or not??
Hope you have reported the cyber crime.
Keep us informed.

On Wed, Jul 11, 2012 at 12:55 PM, rk <rk.w...@gmail.com> wrote:
 
 

I have had a savings account in State Bank of India – Tennur – Trichy for the past 6 years. On 12th June 2012 Rs. 20020 was debited from my SBI account without my knowledge (Rs 2002, 10 times)... On 12th-June-2012, I did not make any transaction.

The following message in my statement shows the transaction details:

(12-Jun-2012) POS PRCH POS 201206725000 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201206725577 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201206725601 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201207726037 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201207726617 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201207726736 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201207727093 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201207727296 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201207727394 BILLDESK SBIPG 2,002.00

(12-Jun-2012) POS PRCH POS 201207728034 BILLDESK SBIPG 2,002.00
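
An added example (not part of any post in this thread): a Python velocity check that parses the statement lines quoted above and flags repeated same-day debits of one amount to one merchant, the pattern the reply asks about. The line format is inferred from the ten quoted entries, and `min_count` is an assumed threshold, not a bank rule.

```python
import re
from collections import defaultdict
from decimal import Decimal

# Statement lines as quoted in the thread.
STATEMENT = """\
(12-Jun-2012) POS PRCH POS 201206725000 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201206725577 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201206725601 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201207726037 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201207726617 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201207726736 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201207727093 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201207727296 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201207727394 BILLDESK SBIPG 2,002.00
(12-Jun-2012) POS PRCH POS 201207728034 BILLDESK SBIPG 2,002.00
"""

# (date) POS PRCH POS <reference> <merchant> <amount>
LINE_RE = re.compile(
    r"\((\d{2}-[A-Za-z]{3}-\d{4})\)\s+POS PRCH POS\s+(\d+)\s+(.+?)\s+([\d,]+\.\d{2})\s*$"
)


def parse_statement(text):
    """Yield (date, reference, merchant, amount) for each POS purchase line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and other entry types
        amount = Decimal(m.group(4).replace(",", ""))
        yield m.group(1), m.group(2), m.group(3), amount


def repeated_debits(text, min_count=3):
    """Flag debits with the same date, merchant and amount seen min_count or more times."""
    groups = defaultdict(list)
    for day, ref, merchant, amount in parse_statement(text):
        groups[(day, merchant, amount)].append(ref)
    return [
        {"date": day, "merchant": merchant, "amount": amount,
         "count": len(refs), "total": amount * len(refs), "refs": refs}
        for (day, merchant, amount), refs in groups.items()
        if len(refs) >= min_count
    ]


if __name__ == "__main__":
    for alert in repeated_debits(STATEMENT):
        print(alert["date"], alert["merchant"], alert["count"], alert["total"])
```

The statement carries dates only, so the check groups by day; with transaction times available, the same grouping over a short window would show whether the debits were spaced like replayed requests.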




Rajesh A.

Jul 11, 2012, 4:23:01 AM
to null-...@googlegroups.com
Hi,

In SBI we can configure SMS enabled verification for all transactions.

As this is a third-party web site purchase, there must be second-factor authentication; otherwise it is not possible to do the transaction.

SBI has enabled high security for each transaction and they will send SMS to the registered mobile.

If this attack happened after enabling this, then the attacker has access to your registered mobile or he has access to a cloned SIM!! Really dangerous case.

If this attack happened without enabling high security inside SBI Online I would request you to enable the same ASAP.

It seems like he has become victim of phishing not CSRF.

Thanks & Regards.
R@J


sanjay gautam

Jul 11, 2012, 5:31:23 AM
to null-...@googlegroups.com
Hi

Income Tax refund phishing emails were also circulated in 2009, and it took only a few mins to report it to the concerned agencies; hours later, the site was blocked.

Attaching a PDF, hope it will be useful.

Regards
Sanjay


phishing.pdf

Rajesh A.

Jul 11, 2012, 6:02:05 AM
to null-...@googlegroups.com

It happens every year ...
http://tech-spirit.blogspot.in/2011/12/income-tax-india-spam-and-phishing.html

With different URLs/IP location ...

R@J


Mohammed Ibrahim

Jul 11, 2012, 9:02:23 AM
to null-...@googlegroups.com
RK,
 
Previously you have mentioned the deducted amount was Rs.34000\-, and now you are claiming it to be Rs.20020\-.
 
Were you able to track where the remaining amount had been spent? There may be chances of some repeated transactions using online banking and hence the amount got deducted multiple times.
 
I had also seen that you are not very careful in protecting your confidential banking information and you are even exposing your full bank account number and full details in various open forums.

--
Mohammed Ibrahim,
Information Security Associate,
Convergys Hyderabad.

Rajesh A.

Jul 11, 2012, 9:13:45 AM
to null-...@googlegroups.com

Mohammed Ibrahim

Jul 11, 2012, 9:24:23 AM
to null-...@googlegroups.com
@Rajesh: Yes, I don't want to mention the other links where his account number is also visible.
 
--
Ibrahim

Rajesh A.

Jul 11, 2012, 9:27:59 AM
to null-...@googlegroups.com
So team after all I am not understanding what is this happening in NULL mailing list now ? !
The person who needs a solution has not turned up after posting. He just posted a question and disappeared and after all this is some other problem... This has gone far away from security!

R@J

webDEViL

Jul 11, 2012, 9:33:27 AM
to null-...@googlegroups.com
So, you mean to say someone who hasn't replied in 6 hours has disappeared from the internet? I sleep longer than that.

Also RK I will help you,
But you will have to send me First 8 Digits and Last 8 Digits from your Debit card. Also please send me the ATM PIN to make sure that it is your card and you are not a fake!

Mohammed Ibrahim

Jul 11, 2012, 9:38:24 AM
to null-...@googlegroups.com
Good joke!! Are we starting phishing attacks within NULL!!!

w3bd...@gmail.com

Jul 11, 2012, 9:40:42 AM
to null-...@googlegroups.com
Oh yes!
There is no space for stupidity.
Sent from BlackBerry® on Airtel

From: Mohammed Ibrahim <mohdibr...@gmail.com>
Date: Wed, 11 Jul 2012 19:08:24 +0530
Subject: Re: [null] Re: Tax-Refund Notification....