‘Payment update’ email supposedly from ATO is a phishing attack

Posted by Akankasha Dewan on 17 September 2019 11:06:17 AEST

MailGuard has intercepted another email phishing scam purporting to be from the Australian Taxation Office (ATO). 

This scam email forms part of yet another variation of the ATO scam distributed by cybercriminals over many years. These scams traditionally prove successful by exploiting the well-established reputation of the government agency.

First detected in the early hours (AEST) of Monday, the 16th of September, each of the emails contain a unique sending address per email. However, all of them use the same display name, ‘ATO’. The recipient’s email address is visible in the ‘TO header’ at the top of the email, as well as in the bottom of the email in the ‘unsubscribe’ line.

The body of the email is relatively short, and basically directs the recipients to click on a link for more information on their “TAX records update”.

Here is a screenshot of the email:

ATO require action 3

Unsuspecting recipients who click on the link are led to a Microsoft-branded phishing page which first requests for their email information:

microsoft enter email (2)

Upon entering their email address, users are led to a second page requesting for their password, as per the below:

microsoft enter password (2)

Having “logged in”, users are then taken to a random PDF, as per the below:

phishing ato (2)

This scam has been designed to harvest unsuspecting recipients’ ATO login details. MailGuard urges all recipients of this email not to open any attachments or click on any links.

Cybercriminals behind this scam attempt to convince users of its authenticity by employing several elements such as ATO’s logo & branding, along with several security measures expected of an official notification. These include links to ATO’s online security page.  

Advice from the ATO on reporting a scam

ATO’s website gives this guidance: “If you receive a suspicious email claiming to be from the ATO, do not click on any links, open attachments or respond to the sender. Forward the entire email to ReportEmailFraud@ato.gov.au without changing or adding any additional information and delete from your inbox and sent folder.”

How to identify a scam email

  • Only click links from trusted senders. Take a closer look at any link by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.
  • Never open an attachment (especially a .zip file or .exe file) unless you are expecting it. Files from unknown senders often contain malware or virus.
  • Check who is sending you email communication. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses, however legitimate email addresses can be forged easily.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all