An employee in a private firm in Pallavaram lost ₹1.2 lakh after he clicked on a message enticing him with remittance of an income tax refund.
The victim received an SMS on his mobile phone — with a heading BZ — which did not display the sender’s number. The message said that income tax refund had accumulated in his account and that he should click on a link provided in the message for receiving a remittance.
The victim unsuspectingly clicked on the link and landed on his bank’s netbanking website, where he ended up entering his user name and password. Within seconds, he had lost ₹1.2 lakh to a fraudster who transferred the money to unknown accounts.
Similarly, another victim from Purasawalkam received a message stating that his income tax refund was approved and would be credited to his account.
It asked him to update his bank record in the link. Though he clicked the link, he deleted it subsequently sensing trouble. Yet, he lost money to the fraudsters.
Both the victims of the phishing attacks lodged complaints with the Central Crime Branch of the police.
“Earlier, conmen indulged in phishing by calling the victims and enticing them to share the One-Time Password on the pretext of updating Aadhaar number and PAN or bank account,” said a senior police officer.
“Now, they adopt a new phishing method.They just send a malicious link and swindle the money, leaving the account-holders high and dry,” the official added.
“The attackers can send any link to anyone. This is spoofing. They send [what looks] like an official message from the Income Tax department stating that he or she is eligible for refund,” said Capt. Vineet Kumar, president of Cyber Peace Foundation.
“If the victim clicks on the links sent to their mobile or mail, there is a high possibility that a malware is installed on the mobile and takes them to a fake website resembling the bank’s. Then a form is provided to fill details. As the phone is compromised, the hacker gets the OTP and get the money,” he added.