MailGuard have identified and successfully blocked a phishing email scam purporting to be from the Australian Government Department of Human Services (DHS).
The observed email forms part of an identity theft scam, whereby victims are required to reply to the email with personal information in order to receive a subsidy benefit for the dollar amount specified.
Here is a screenshot of the type of email to watch out for.
As you can see, the email appears to originate from the Department of Human Services. The perpetrator requests the victim reply to the email with their first name, last name, date of birth, tax file number, complete address and information from 2 of the specified documents.
The first warning sign for this particular email scam is that it is riddled with grammatical errors that an official Australian government body wouldn’t approve. “Qualification for year 2015 subsidy” and “at least 2 of the information listed below” are two obvious examples.
As you can see in the screenshot above, the ‘to’ address uses an ‘@email.gov.au’ subdomain. Whilst naïve recipients may assume this is an official department email, it does not exist. The ‘reply-to:’ address is one the spammer has access to, so any reply you send, along with the personal information in it, is delivered to them.
This particular scam does not take the victim to a landing page, but rather requires they reply to the email with the specified details.
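The two traits described above (a reply routed to an address unrelated to the claimed sender, and a request to send personal details back by reply) can be checked mechanically. The following is an added example, not MailGuard's filtering logic; the sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Details the scam email asks the victim to send back, per the article.
REQUESTED_DETAILS = ("first name", "last name", "date of birth",
                     "tax file number", "address")

# Constructed sample; all addresses are made up for illustration.
SCAM_SAMPLE = """\
From: Department of Human Services <subsidy@email.gov.au>
To: recipient@example.com
Reply-To: claims.office@example.net
Subject: Qualification for year 2015 subsidy

To receive your subsidy, reply with your first name, last name,
date of birth, tax file number and complete address.
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def assess(raw_message):
    """Return warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # Replies routed away from the claimed sender are how this scam collects data.
    if reply_dom and not related(reply_dom, from_dom):
        findings.append(f"Reply-To domain {reply_dom!r} is unrelated to From domain {from_dom!r}")
    # Collect plain-text parts and normalise whitespace so wrapped phrases still match.
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    body = " ".join(b" ".join(parts).decode("utf-8", "replace").lower().split())
    asked = [d for d in REQUESTED_DETAILS if d in body]
    if len(asked) >= 2:
        findings.append("asks for personal details by reply: " + ", ".join(asked))
    return findings

if __name__ == "__main__":
    for finding in assess(SCAM_SAMPLE):
        print("WARNING:", finding)
```

A Reply-To on a subdomain of the sender's own domain is treated as related, which keeps ordinary mailing setups from being flagged.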
What’s the scammer’s motive? Why do they want your personal information?
One possible reason the spammer requests personal information and specific values from previous statements may be to complete a falsified tax return in the victim’s name. The cyber-criminal will specify an alternative bank account when submitting the victim’s details via the Etax Online Tax Return website to receive a fraudulent tax reimbursement.
The Department of Human Services have a dedicated section on their website to address many variations of scams to be wary of.
As a precaution, we also urge you to delete emails that:
- Are not addressed to you by name or are written in poor English
- Are from businesses that you were not expecting to hear from
- Request personal information that the purported sender should already have access to
Educating staff and employing cloud-based email filtering and web filtering, complemented by multilayered defences including desktop antivirus, anti-malware and anti-spyware, will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or following us on social media.