The message, detected and blocked by MailGuard this morning, contains the Australian Taxation Office logo and tells the recipient they need to view an attached report.
The attachment, however, is a Microsoft Word macro capable of downloading a Trojan – a type of malware designed to allow remote, unauthorised access to a computer.
Several versions of the email began circulating at about 10am today. MailGuard was one of only two of 54 security providers to identify the attachment as malicious this morning.
The emails are an updated version of a similar ATO-impersonating malware email that flooded Australian inboxes on an enormous scale two weeks ago.
Those who open the attachment in the new iterations are prompted to ‘enable editing’, and then ‘enable content’. Enabling content allows the macro to run, which grants permission for the malware to be installed.
The emails came from recently-generated domains such as atogovemail.net and atogovemail.com.au.
The cybercriminals behind the scam registered multiple ‘.au’ domain names in an attempt to dupe recipients into thinking the email is a legitimate communication from the ATO.
Advice from the ATO on email scams
The ATO advises that it never:
- Asks you to pay money to receive a refund or payment
- Asks you to pay a debt via a prepaid credit card or voucher
- Asks you to provide personal information, like your TFN or credit card number, via email or SMS
- Requests your credit card details to process a payment on your behalf.
You can report or verify a scam on the ATO website: https://www.ato.gov.au/general/online-services/identity-security/verify-or-report-a-scam/
The dangers of macros
By enabling a macro, email recipients are allowing criminals to automatically install malicious files, such as Trojans or keyloggers.
A keylogger is a type of spyware that can watch and record your keystrokes. It can see what you write in an email, what passwords you enter on a banking website, or any other information you provide online.
Trojans sit quietly in the background, taking actions not authorised by the user, such as modifying, stealing, copying or even deleting data.
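The two signals described in this article, a sender domain that imitates the ATO and a Word attachment able to run macros, can be checked at a mail gateway. The following is an added example, not MailGuard's detection logic: the function names, the `ato.gov.au` allow-list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

LEGIT = "ato.gov.au"  # assumption: genuine ATO mail is sent from this domain tree
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container signature

def impersonates_ato(domain):
    """True if the name spells 'atogov' once dots/hyphens are dropped but is not under ato.gov.au."""
    domain = domain.lower().rstrip(".")
    if domain == LEGIT or domain.endswith("." + LEGIT):
        return False
    return "atogov" in domain.replace(".", "").replace("-", "")

def macro_capable(data):
    """True for OOXML files carrying a VBA project, and for any legacy OLE2 document."""
    if data.startswith(OLE2_MAGIC):
        return True  # conservative: the legacy format can embed macros
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return the reasons a raw RFC 5322 message should be quarantined (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    reasons = [f"lookalike sender domain: {domain}"] if impersonates_ato(domain) else []
    for part in msg.iter_attachments():
        if macro_capable(part.get_payload(decode=True) or b""):
            reasons.append(f"macro-capable attachment: {part.get_filename()}")
    return reasons

def build_sample(sender):
    """Constructed message: a zip shaped like a .docm with a dummy vbaProject.bin inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"dummy, not real VBA")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = f"ATO <{sender}>", "user@example.com", "Report"
    m.set_content("Please view the attached report.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="report.docm")
    return m.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample("noreply@atogovemail.net")):
        print(reason)
```

The substring check is a heuristic and will also match unrelated names that happen to contain "atogov", so treat a hit as a reason to quarantine for review rather than as proof.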
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network.