ATO spoofed in new phishing email scam

Posted by Akankasha Dewan on 04 April 2019 14:05:45 AEDT

MailGuard has intercepted another email phishing scam purporting to be from the Australian Taxation Office (ATO). 

This scam email forms part of yet another variation of the ATO scam distributed by cybercriminals over many years. These scams traditionally prove successful by exploiting the well-established reputation of the government agency.

The scam emails use a display name titled 'Shipments in transit' with the actual sending address visible. This sending address appears to be a compromised account.  Arriving in plain-text form, the email starts with 'Dear sir' and then goes on to advise the recipients that the the ATO has given the sender instruction to contact them. The recipient is directed to consider the attached 'Tax documents' before they proceed with verification.

Here is a screenshot of the type of email to watch out for:

5205E011-A23D-43FA-ADAE-59E762A03329

 

The attached document is a PDF file, which includes ATO branding and a Norton logo. The document is 'protected' and a link is provided to view.

Here is a screenshot of the document:

 5E1D77A5-BC12-4497-A541-D47127E54AC8

 

The link within the PDF leads to a phishing page with the ATO logo tiled as a background, as per the below:

 

121EB481-170F-47DE-B52F-CB3A5E7EB9AA

Once the user enters their email address and password, they are redirected to the Yahoo! login page.

This scam has been designed to harvest unsuspecting recipients’ ATO login details. MailGuard urges all recipients of this email not to open any attachments or click on any links.

Advice from the ATO on reporting a scam

ATO’s website gives this guidance: “If you receive a suspicious email claiming to be from the ATO, do not click on any links, open attachments or respond to the sender. Forward the entire email to ReportEmailFraud@ato.gov.au without changing or adding any additional information and delete from your inbox and sent folder.”

How to identify a scam email

  • Only click links from trusted senders. Take a closer look at any link by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.
  • Never open an attachment (especially a .zip file or .exe file) unless you are expecting it. Files from unknown senders often contain malware or virus.
  • Check who is sending you email communication. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses, however legitimate email addresses can be forged easily.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: Phishing email scam ATO Cybersecurity cybercrime

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all