In an effort to further enhance our company’s cyber defences, ClearTax would like to highlight a common cyber attack known as – phishing.

“Phishing” is a common form of cyber attack that may affect organizations like ours. Phishing attacks may take many forms, however, they have a common goal – getting to your sensitive information such as login credentials, credit card information, or bank account details.

Recently, it was brought to our notice that such phishing emails were doing the rounds on the internet, under our company’s banner. We’d like to set the record straight by stating that we have not initiated any such ambiguous communication from our end. A sample of such a communication is attached here:  


In any event, you receive such communication please disregard it immediately.

Keeping our users’ interest as the priority, we’ve outlined different types of phishing attacks to watch out for:

  • Phishing: Hackers may impersonate a real company to procure your login credentials. You could receive an email asking you to verify your account details with a link that may take you to a hoax login screen and deliver your information directly to them.
  • Spear Phishing: Slightly more sophisticated than a common phishing attack. It generally includes information that may be customised and asks for your company name, phone number, etc., which makes the attacker seem like a valid source. This increases the probability of you clicking on a link or attachment provided by them.
  • Shared Document Phishing: You could receive an email that may appear to come from file sharing sites like Dropbox or Google Drive. The link provided in these emails will take you to a fake login page that mimics the real login page in a bid to steal your credentials and other relevant data.

How can you tackle this issue?

If you receive any suspicious communication via emails, please observe the following email practices:

  • Beware of email senders that use suspicious/misleading domain names
  • Inspect the URLs carefully to make sure they’re legitimate and not imposter sites
  • Do not click on links or attachments from senders that you do not recognize
  • Beware of .zip or other compressed or executable file types
  • Do not provide sensitive personal information like usernames and passwords over email
  • Please do not open any shared document that you are not expecting

In case you cannot tell if an email is legitimate, please share the email you’ve received to with your query in detail. Please note, you must share the details using this guide. Alternately, if you wish to verify the legitimacy of the emails you’ve received, you can verify them on any of these platforms yourself.

Use as a reference and report the phishing domain to:

  • Google – Block in Chrome, Firefox, Android, iPhone, Google, and more
  • Microsoft – Block in Edge, Office 365, and Internet Explorer
  • NetCraft – Send to computer security companies
  • Symantec – Submit to Norton
  • Blue Coat – Symantec has not yet integrated with Norton submission
  • McAfee – Select real-time, click ‘check’ and click ‘submit’ at the bottom
  • Websense/Forcepoint
  • Webroot BrightCloud – Provides data to PaloAlto firewalls, many others
  • Cisco PhishTank – Very effective, but requires registration
  • Kaspersky – You can also report the host to the hosting provider. For example, if it is hosted by Cloudflare, you can report it to Cloudflare.

If you have any queries regarding the same please, feel free to write to us at