Akankasha Dewan 19 June 2020 14:31:52 AEST 4 MIN READ

Australian Taxation Office spoofed in phishing scam; email claims to share new “invoice” from ATO

MailGuard has intercepted another email phishing scam purporting to be from the Australian Taxation Office (ATO). This scam email forms part of yet another variation of the ATO scam distributed by cybercriminals over many years.

 These scams traditionally prove successful by exploiting the well-established reputation of the government agency.

The malicious email uses a display name of “ATO”, followed by an email address beginning with “admin@”. However, the domain used in the sender email address does not belong to ATO. The email is titled “ATO (Australian Taxation Office) has shared INV_43189_CO.pdf”.

The email body includes computer software company Adobe's logo, and informs users that a letter is attached "from ATO for your amount owing” and that “to avoid any interest or penalties”, the recipient should “pay the ATO by the payment deadline”.

Here is what the email looks like:



Unsuspecting recipients who click on the link to view the document are led to a page that claims "this file is protected by Adobe Technology". To view the file, users are asked to "log in" with their email address. This is a phishing page.


This scam has been designed to harvest unsuspecting recipients’ email login details. MailGuard urges all recipients of this email not to open any attachments or click on any links.

The phishing email contains several typical elements that attempt to trick recipients into falling for the scam. These include:

  •  The presence of a subject line and display name that indicate the email is from ATO. This boosts the credibility of the email, as these are elements likely to be present in an official notification from a well-established agency like ATO,
  • And an attempt to alarm; including the threat of penalties or interest should the recipient fails to do the email’s bidding creates a sense of alarm and urgency, motivating the recipient to click on the malicious link.

Despite these elements, the email in itself contains several tell-tale signs that commonly belong to fraudulent emails and should help eagle-eyed recipients point to its illegitimacy. These include the fact that the recipient isn't addressed directly, the ‘from’ field in the email doesn’t use a familiar domain and the presence of grammatical errors like: "Find attached letter from ATO for your amount owing”.

Advice from the ATO on reporting a scam

ATO’s website gives this guidance: “If you receive a suspicious email claiming to be from the ATO, do not click on any links, open attachments or respond to the sender. Forward the entire email to ReportEmailFraud@ato.gov.au without changing or adding any additional information and delete from your inbox and sent folder.”

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates