"It is the season of income tax returns. Many people file them online. Cyber criminals use this time to launch phishing attacks through emails as many people are not aware of these things," says Vinoo Thomas, Technical Product Manager, McAfee Labs.
"An email is sent to a number of people, saying IT refund is available. Once it is clicked, the user is directed to a website that looks like that of IT dept. And there, they ask you to disclose your personal financial details in a form.
That information will end up with a scammer who can empty your credit card or bank account in no time ," he adds.
For the financial year 2010-11, the Income Tax department has processed over 38 lakh e-filed returns.
According to cyberlaw expert, Pavan Duggal, unawareness among public and technical sophistication of the cybercrooks has led to increase in phishing attacks in recent years in India.
"People do not know that their financial details can be targeted and misused through Internet. Also, they seem unaware of the policies of financial institutions and government departments to contact their customers," says Duggal.
What further complicates the matter, according to him is the technical sophistication of such crooks.
"If users are becoming aware of such frauds, these criminals are developing techniques to counter this awareness.
The phishing emails and web sites are made to appear exactly same as that of the original one which confuses the users," says Duggal.
The recent examples of phishing attacks include RBI phishing scam, ICC World Cup 2011 scam and Valentine Day scams.
"Collecting e-mail addresses from spam mail vendors is not a big deal. People still mention their e-mail address openly on forums and social media networks that makes life easier for online fraudsters. People still don''t use spam filters," says Thomas.
According to an IT official, "A number of taxpayers receive such e-mails with subjects like tax refund and seeking refunds during this time of the financial year. The IT department does not send e-mails regarding refunds and does not seek any personal financial information online."
"We also advise tax-payers to keep their user ID and password secure and keep changing them periodically when checking tax credit statements online," he added.
Apart from taking precautionary steps like not divulging banking details online and not clicking on such e-mails, Duggal says there is need for stringent law to deal with such criminals.
"This is a bailable offence which comes under IT Act, 2000. We need to get strict on this. Our conviction rate in cyber crimes is very very low, just three in last 15 years," he says.