Daniel Graziano 09 September 2015 13:05:00 AEST 3 MIN READ

Protect Yourself Against This ‘Tax Return Error’ Scam Email

MailGuard have identified and successfully blocked another zero day malware scam purporting to be from the Australian Taxation Office (ATO). 

This scam email forms part of yet another variation of the ATO scam distributed by spammers over many years. These scams traditionally prove successful by preying on people’s hope of receiving more money back on tax, or in this case - their fear of not receiving their refund at all if they do not amend the documents in question.  

Here is a screenshot of the type of email to watch out for:

ato-tax-return-scam-2014-report-australian-taxation-office

As you can see, the email appears to originate from the Australian Taxation Office. The perpetrator even forces a ‘@ato.gov.au’ sender address to further convince vulnerable victims of the authenticity of the purported sender.

The spammer demands that the recipient downloads the attached, ‘ATOTaxReturnReport.zip’ file which contains a “full report and reason for [the] error”. This scam also enforces urgency with a time limitation demanding response within the “next 24-72 working hours”.

Opening the attachment installs malware on your local machine. Upon launch, the malware lodges into the windows start up routine and infects the victim’s computer. Their system has been infiltrated and can be used under control of the attackers to steal banking details, credit card numbers and confidential login credentials.

Read more about the $500 billion in damage scams like this cause to the global economy annually here.

At the time MailGuard discovered this new variant, 80% of AV vendors were not detecting the malicious exploit within this file.

Uneducated users using the aforementioned vendors are subsequently left susceptible to infiltration if they download the attached file.

Warning signs to help identify this email as a scam:

  • The informal, impersonal greeting.
  • Grammatical errors within the body, “..after processing it which require your immediate attention”.
  • The victim is asked to download a file to view the full report and the reason for the error in review.

We cannot stress enough that organisations like the ATO will never ask you to give personal information via email or prompt you to download unexpected files.

MailGuard has successfully identified and blocked many ATO scam variations, you can read more about these via the links below:

The ATO offers a comprehensive online resource to help identify and report scams purporting to be from the Australian Taxation Office. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by phoning them on 13 28 61.

Educating staff and employing cloud-based email filtering and web filtering, complimented by multilayered defences including desktop antivirus, anti-malware and anti-spyware will go a long way to mitigating the risk from a wide range of email scams.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top