Jaclyn McRae 30 November 2016 15:33:45 AEDT 3 MIN READ

Breaking: Fake ATO email distributes malware on enormous scale

 Tens of thousands of Australians are at risk of downloading a virus with a single click thanks to a malware spam email designed to impersonate the ATO.

Rather than originating from the Tax Office, the email is a hoax sent from a set of domains registered less than 24 hours ago. All are just slight variations on the real ATO address (https://www.ato.gov.au/).

The email tells recipients action is required, and asks them to read and respond to an attached document. But those who click the Microsoft Word attachment are at risk of exposing their system to malware.

The email looks quite legitimate, and includes the recipient address within the text body. It includes Australian Government branding and confidentiality clause.

Fake ATO email distributes malwarenNov302016 MailGuardlong-1.jpg

The document contains a macro that when executed, downloads a virus from a remote location.

It instructs recipients to click ‘enable editing’, and then ‘enable content’ – which actually gives the green light to activate the virus.

Fake ATO email distributes malwarenNov302016 MailGuardmacro.jpg

The risks posed by macros

By enabling a macro, email recipients are allowing criminals to automatically install malicious files, such as Trojans or keyloggers.

A keylogger is a type of spyware that can watch and record your keystrokes. It can see what you write in an email, what passwords you enter on a banking website, or any other information you provide online.

Trojans sit quietly in the background, taking actions not authorised by the user, such as modifying, stealing, copying or even deleting data.

This type of malware is dangerous because you may not notice they are running in the background, recording your actions. It might not be discovered until months later, when you realise somebody has been accessing your bank account.

How can I protect myself from email scams?

To reduce the risk of being tricked by a scam, you should immediately delete any emails that:

  • Seem suspicious and ask you to open or download files that you were not expecting
  • Contain macro-enabled Word documents and require you to enable, or run, the macro
  • Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate.

Scam-busting advice from the ATO

The ATO advises that it never:

  • Asks you to pay money to receive a refund or payment
  • Asks you to pay a debt via a prepaid credit card or voucher
  • Asks you to provide personal information, like your TFN or credit card number, via email or SMS
  • Requests your credit card details to process a payment on your behalf.

You can report or verify a scam on the ATO website: https://www.ato.gov.au/general/online-services/identity-security/verify-or-report-a-scam/

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates


^ Back to Top