Australian Taxation Office Phishing Email Offers Tax Refund

Never provide credit card information in response to an email notification

  Fake ATO tax refund form
Even though tax refunds should be processed and paid out by now, cybercriminals who probably had a great season continue to launch Australian Taxation Office (ATO) spam campaigns that promise tax refunds to unsuspecting users.

The latest malicious email variant informs recipients that they’re eligible to receive a tax refund, Sophos’ Paul Ducklin reports.

“Please submit the tax refund request and allow us 6-9 days in order to process it,” reads part of the phony notification.

To make the message look as legitimate as possible, the crooks even supply an excuse for why the refund might be late.

“A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline,” the message concludes.

The main purpose of the email is to try to convince the recipient to open the attachment and provide highly sensitive information.

The attachment is an HTML file; once it is opened in a browser, a well-designed form appears on the screen, requesting the user to provide data such as name, date of birth, address, city, postcode, sort code, card number, expiry date and card verification number (the CVV).

If the Continue button is clicked, all the information is submitted to a server in the US.

Fortunately, this variant is detected by Sophos products as being malicious and the submission URL is blocked.

Even so, users are advised to take a few precautionary measures to make sure they're protected against these phishing expeditions.

First of all, never provide sensitive information, especially credit card details, in response to an email. A tax office paying out a refund has no reason to ask for a card number, expiry date and verification number; that combination is only useful for making charges against the card. Legitimate institutions know this and do not send such requests.

Also, always take a good look at the sender's email address. In this case the emails come from an ato.com.au domain, but the legitimate domain is actually ato.gov.au. Bear in mind that this check only catches lookalike domains: the From address can also be forged outright, so a sender that appears to be ato.gov.au is still no guarantee that the message is genuine.
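The two checks the article describes, the lookalike sender domain and a form that posts card data to a server outside the agency's domain, can be automated for mail triage. The script below is an added example and is not code from the article or from Sophos. The sample message is constructed here: its sender address (refunds@ato.com.au), attachment name, field names and form action (https://203.0.113.10/refund/submit.php, a documentation address rather than a real phishing server) are assumptions that mirror the campaign as the page describes it.

```python
"""Triage an e-mail carrying an HTML "refund form" attachment.

Added example, not the article's or Sophos' code. The sample message,
its From: address and the form's action URL are constructed to mirror
the campaign described on the page.
"""
from email import policy
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_DOMAIN = "ato.gov.au"

# Field names that only a payment-card harvesting form would ask for.
CARD_FIELDS = {"card_number", "cardnumber", "expiry", "cvv", "cvc",
               "sort_code", "sortcode"}


class FormScanner(HTMLParser):
    """Collect every <form action=...> and the names of its <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms = []        # each entry: {"action": str, "inputs": set}
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action", ""), "inputs": set()}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = attrs.get("name")
            if name:
                self._current["inputs"].add(name.lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def sender_domain(msg):
    """Domain part of the From: header, lower-cased. Note: this header is
    attacker-controlled and may be forged, so treat it as a weak signal."""
    addr = parseaddr(msg["From"])[1]
    return addr.rsplit("@", 1)[-1].lower()


def html_attachments(msg):
    """Yield the decoded text of every text/html part that is an attachment."""
    for part in msg.walk():
        if part.get_content_type() == "text/html" and part.get_filename():
            yield part.get_content()


def triage(raw):
    """Return findings for one raw RFC 822 message (as a string)."""
    msg = message_from_string(raw, policy=policy.default)
    domain = sender_domain(msg)
    # Lookalike: same leftmost label as the real domain, but not the real domain.
    lookalike = (domain != LEGIT_DOMAIN
                 and domain.split(".")[0] == LEGIT_DOMAIN.split(".")[0])
    findings = {"sender_domain": domain, "lookalike_sender": lookalike,
                "harvesting_forms": []}
    for html in html_attachments(msg):
        scanner = FormScanner()
        scanner.feed(html)
        for form in scanner.forms:
            host = urlparse(form["action"]).hostname or ""
            card_fields = sorted(form["inputs"] & CARD_FIELDS)
            # A genuine refund form would not post card data outside the agency's domain.
            if card_fields and not host.endswith(LEGIT_DOMAIN):
                findings["harvesting_forms"].append(
                    {"action": form["action"], "host": host, "card_fields": card_fields})
    return findings


def build_sample(sender="refunds@ato.com.au",
                 action="https://203.0.113.10/refund/submit.php"):
    """Constructed sample message (hypothetical addresses, not real infrastructure)."""
    msg = EmailMessage()
    msg["From"] = f"Australian Taxation Office <{sender}>"
    msg["To"] = "taxpayer@example.com"
    msg["Subject"] = "Tax refund notification"
    msg.set_content("Please submit the tax refund request and allow us "
                    "6-9 days in order to process it.")
    form = (f'<html><body><form method="post" action="{action}">'
            '<input name="name"><input name="dob"><input name="address">'
            '<input name="postcode"><input name="sort_code">'
            '<input name="card_number"><input name="expiry"><input name="cvv">'
            '<input type="submit" value="Continue"></form></body></html>')
    msg.add_attachment(form, subtype="html", filename="refund_form.html")
    return msg.as_string()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The form-action check is the stronger of the two signals: a forged From header that claims to be ato.gov.au would pass the domain comparison, but the attachment still has to post the harvested card data somewhere the attacker controls, and that destination is visible in the HTML.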
