Australians are being targeted by an Australian Taxation Office scam, identified by email security provider MailGuard. The email, purportedly sent from the ATO, encourages users to download an executable file containing malware.
Tens of thousands of emails to MailGuard clients are being stopped alone, but hundreds of thousands of users are being targeted across the country.
The ATO have been notified of this attack and confirmed that they never send emails containing executable files.
Fast breaking emails, also referred to as "zero hour" attacks, get through typical anti-virus protection and put Australians at risk, until new virus definitions are implemented.
If executed, the payload could infect users' machines with viruses or steal important data. Malware often works silently in the background, stealing your company data and affecting your business or personal brand without your knowledge.
Whilst the ATO has configured a Sender Policy Framework for their domain so security companies can easily identify and block such spam, end users are advised to watch out for any suspicious emails.
The current version of the spam is using DocuSign, as shown below.
