Warning: ATO scam emails are back

Warning: ATO scam emails are back

It's almost the end of the tax year, and the ATO scammers are up to their tricks again.

Security vendor Symantec has warned of active spam campaigns that are using a supposed tax refund as the bait to trick people into letting malware onto their computers.

Here's one example of these scammy emails:

An example scam email

The attached ZIP file contains a Trojan horse that attempts to disable security software running on the victim's computer and then downloads the Dyre malware, which Symantec recently described as the "most dangerous financial threat" - it steals user IDs and passwords for banking and other sites, tricks people into providing other personal information including date of birth, and installs additional malware.

Symantec also added its voice to previous warnings (eg, from the ACCC's SCAMwatch) about phone-based scams where people are being threatened with legal action or even arrest if they do not immediately pay an alleged tax debt.

The company's tips for staying safe this tax season are basically common sense, but we've paraphrased them here and added our own observations:

Be cautious. Just because an email or other communication appears to come from the ATO (or any other organisation, for that matter), don't take that at face value. Ask yourself whether it tallies with your experience of that organisation. For example, you probably pay money to the ATO by cheque, credit card or Bpay - so why would it suddenly ask you to wire the funds, or purchase and send prepaid debit cards?

Check. Contact the ATO directly if a communication doesn't seem 100 percent authentic. But don't use a phone number that's provided by the people making the approach - the personal tax information line is 13 2861, or 13 2866 for businesses. It's probably best to err on the side of caution by being sceptical of any number you see on a web page (even this one), and refer to either the paper phone book or a printed document such as a BAS form that you're sure came from the ATO. 

Use security software. And keep it up to date. It's not foolproof, so don't drop your guard, but it can help catch malware delivered by a malicious web page or a particularly convincing email.

Keep your computer's software patched and updated. This applies to the operating system and all applications, although the most popular applications (eg Adobe's Flash and Reader) tend to be the most often exploited. Some researchers have found that old vulnerabilities are the most commonly targeted by malware writers, which suggests many people are being very slack in this regard. The old joke about outrunning the bear seems relevant.

Source: Copyright © BIT (Business IT). All rights reserved.

See more about:  email scam  |  tax
Sign up to the BIT newsletter!
Our newsletter gives you the tech advice you need to make the right decisions for your small and medium business.

Latest Comments