Beware of new wave of ATO scam emails

Beware of new wave of ATO scam emails

Thousands of fake emails confirming tax refunds of more than $6,000 from the Australian Taxation Office are circulating. Click to see what they look like.

It's tax time and scammers are again sending spam emails that purport to be from the Australian Taxation office but are really intended to install malware on victim's computers.

Three separate "waves" of the fake emails have been reported during July and August, including more than 10,000 messages sent on August 6. 

In some cases the email includes the message "TAX REFUND NOTIFICATION" and claims that the receiver is entitled to a refund amount of more than $6,000.

We were alerted to the current wave by Bitdefender, which warns such campaigns are likely to become heavier and more targeted in the run-up to the 31 October deadline for lodging returns.

The current campaign is very similar to the one we reported last month http://www.bit.com.au/News/350337,this-is-what-the-scam-australian-taxation-office-email-looks-like.aspx . It's quite different in appearance to the one in February http://www.bit.com.au/News/331734,warning-australian-taxation-office-scam-emails-circulating.aspx , but the objective is the same - to induce recipients to open an attachment that is actually a piece of malware.

Various types of malware are being spread in this way, including ZeuS which has the goal of stealing Internet banking and other credentials.
 
Here's what the offending email looks like:
 
 
Bitdefender also warns of spam/malware campaigns using the names and logos of well-known financial institutions:
 
 
Important note: While you should keep your security software up to date in case a dodgy email slips under your or your employees' guard, don't rely on this stopping these scam emails. In July, Mailguard warned that 37 out of 47 vendors' antivirus software did not detect the malware delivered in a previous ATO scam, at the time that campaign was at its peak.
 
Remember, the ATO doesn't contact taxpayers in this manner, and we don't know any banks that use email this way. So if you have even the slightest suspicion that an email really is from your bank or the ATO, don't open it but instead contact them by other means (for exmaple, use the phone) to find out what they want.
 

Source: Copyright © BIT (Business IT). All rights reserved.

See more about:  ato  |  tax  |  scam  |  email  |  security
 
 

Readers of this article also read...

Sell something online? 10 tricks you can use 

Sell something online? 10 tricks you can use

 
See Sony's very, very big Xperia Z Ultra waterproof phone 

See Sony's very, very big Xperia Z Ultra waterproof phone

 
Spreadsheets in the cloud: are you feeling lucky? 

Spreadsheets in the cloud: are you feeling lucky?

 
Where can I get Windows 7? 

Where can I get Windows 7?

 
Buy a new laptop or wait? 4 hot laptops that might be coming this year 

Buy a new laptop or wait? 4 hot laptops that might be coming this year

 
Get our free eBook!
Join thousands of others! Get our latest free guides and tech basics delivered to your email inbox and get our FREE 32-page eBook to prepare you for the NBN!
The NBN Toolkit

Latest Comments

Latest articles on iTnewsLatest iTnews Articles
Telstra, DiData battle for Canberra cloud market
24 Nov 2014
Big players announce govt-focused services.
Google flying more, longer-lasting Project Loon balloons
24 Nov 2014
Clocks faster deployment speeds in high-altitude internet initiative.
Third-party app data at risk from iOS 'Masque' flaw
24 Nov 2014
App developers encouraged to encrypt data on devices.
MPs reject e-voting over cost, integrity fears
20 Nov 2014
No need to tempt the ‘luck of the Irish’.
WhatsApp rolls out end-to-end encryption
20 Nov 2014
Offers extra-strength security.
Ads by Google