Scammers brandjack E-Toll & MyTax, send malicious emails

Posted by Akankasha Dewan on 16 November 2018 13:18:25 AEDT

MailGuard has detected a new scam based on fake E-Toll and MyTax emails.

Emails purporting to be from Roads and Maritime Services (E-Toll) and MyTax Australia were intercepted Thursday morning (AEST). Scammers incorporated the logo and branding of both E-Toll and MyTax in the emails, in a bid to boost their legitimacy.

 It was discovered both types of emails came from a single compromised domain called ‘’.

Using a display name of ‘RMS E-Toll’, the emails imitating E-Toll appear to have come from different email addresses with varying first names.

The body of the email advises recipients that there are important changes coming to their account on 10 Nov 2018.  To find out more, they should view their Account Statement, which is accessed via a link.

E-Toll 1

Unsuspecting recipients who click on the link are led to a malicious .doc file download.

This is not the first time E-Toll has been brandjacked by cybercriminals. Last month, emails purporting to be from E-Toll appeared in inboxes with the display name "NSW Roads and Maritime". These emails also led to a malicious file download.

The emails purporting to be from MyTax sent on Thursday use the display name of an individual, while the footers in the email include a reference to a ‘MyTax Australia Agent’.


This message informs recipients that as they have been notified, they ‘must’ receive a tax refund. However, due to insufficient information, the tax refund has failed to process. Users are then encouraged to save an ‘attached form’ and follow the directed steps.

The ‘attached’ form is actually a link leading to a malicious .doc file download.

Both E-Toll and MyTax are familiar names in Australia, with a significantly large number of locals having accounts with both Roads and Maritime Services and MyTax Australia. By imitating such well-known brands, cybercriminals aim to scam as many people as possible, and leverage the established reputation of these two agencies with Australian residents.

The email security experts at MailGuard recommend these steps for avoiding being tricked by a fraud email:

  • Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain such as instead of
  • Beware of links in emails. Before you click anything, take a closer look by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.
  • Be alert for strange sentence structure, or phrasing uncommon to the apparent sender
  • Ensure your email security is up to scratch. A cloud-based, advanced email security service like MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: email scam Cybersecurity cybercrime Malicious payload

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all