A sneaky new technique is being used to infect Australian computers with malware.
The fraudster behind the scam poses as a Good Samaritan, and pretends to do the victim a favour by forwarding a document intended for them, supposedly from the Australian Taxation Office.
The sender claims to have wrongfully received the victim’s tax information, and asks what they should do to rectify the problem. Here's one example:
But the ‘erroneously received’ document instead carries a nasty surprise: malware.
The messages, delivered this morning, aim to dupe recipients into letting down their guard by creating a false problem.
While the email itself is plain-text, it employs various tactics to help fool recipients.
More examples of the scam email:
The scammers have also made efforts to ensure only Microsoft Windows users can download the Word document. Those using Macs or running Linux cannot download the file.
The malware payload takes the form of a Macro embedded in a document. Here's what it looks like to those who click the link:
The ATO name is regularly used in scams targeting Australians. In February a large-scale distribution of fake Business Activity Statements included a link that triggered a malicious JavaScript file.
Advice from the ATO on reporting a scam
ATO’s website gives this guidance: “If you receive a suspicious email claiming to be from the ATO, do not click on any links, open attachments or respond to the sender. Forward the entire email to ReportEmailFraud@ato.gov.au without changing or adding any additional information and delete from your inbox and sent folder.”
How to identify a scam email
For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.