Jan 26, 2011 18:41 GMT

Security researchers warn that a phishing kit designed to spoof multiple banks is being used to target taxpayers during the tax season in Australia.

Security vendor Websense warns that after the wave of HMRC and IRS-themed phishing emails seen earlier this week, a new campaign targets the Australian Tax Office (ATO).

However, in this new case, phishers are using a kit designed to spoof the websites of seven different Australian banks.

The rogue emails direct recipients to a site mimicking the Australian Tax Office e-tax refund Web page, which asks them to select their bank by clicking on its respective logo.

Doing so will redirect victims to fake login pages for the online systems of those financial organizations, making it clear that this attack targets online banking credentials.

According to the Websense researchers who analyzed the campaign, the phishing kit is well crafted and mimics the directory structure of the real Australian Tax Office website.

"The kit was also held on several other compromised Web sites to enable the failover of the attack - given the limited lifecycle of phishing sites, more users fall victim to them in the first 24 hours of the attack.

"The readiness of this phishing toolkit exceeds Rock Phish, a kit that we have monitored in previous years: whereas Rock Phish had a tendency toward volume attack, this is well-crafted and links several financial institutions in one place," they write.

Last year we reported on variations of this phishing kit that were designed to spoof the websites of taxation authorities and banks in India or the United Kingdom.

Meanwhile, researchers from email security vendor AppRiver warn that HMRC-themed tax refund phishing emails targeting UK taxpayers continue to hit email inboxes hard.