Fake ATO emails spreading malware

By on
Fake ATO emails spreading malware

A "huge run" of fake ATO emails is delivering malware, including ransomware and keyloggers, according to MailGuard.

Thousands of copies of bogus emails purporting to be from the Australian Taxation Office were distributed recently, according to email security vendor MailGuard.

The "well-formatted" emails tell recipients that their Business Activity Statement (BAS) is available to view, but the link delivers a .zip file containing a malicious JavaScript which in turn downloads malware such as ransomware (which renders files unusable by encrypting them) or keyloggers (which can capture passwords and other information).

Each of the emails contains a unique link, "making it hard for antivirus software to detect the bulk email as suspicious," said MailGuard CEO Craig McDonald.

So watch out for something similar appearing in your inbox, and always behave with a degree of scepticism and avoid clicking blindly on links.

In this case the sender address appears as "BASnotification@ato.gov.au" but the messages actually originated from a compromised account at the SendGrid bulk email delivery service. McDonald warned that SendGrid is an increasingly frequent vehicle for email attacks.

A screenshot of one of the fake emails, courtesy of MailGuard
Copyright © BIT (Business IT). All rights reserved.

Most Read Articles


What would you like to see more of on BiT?
How To's
Photo Galleries
View poll archive

Log In

  |  Forgot your password?