Just in time for tax time, MailGuard is intercepting a wave of phishing emails impersonating the Australian Taxation Office (ATO) and MyGov, designed to trick recipients into disclosing sensitive personal and financial information through a multi-step scam.
This latest threat, identified and blocked by MailGuard’s real-time email filtering engine, is deceptively simple at first glance but highly dangerous in execution. It’s another example of opportunistic cybercriminals exploiting our trust in government branding to extract valuable identity data, including login credentials, credit card numbers, and verification codes. And because it's timed to coincide with EOFY, they're hoping that many of us will simply click through without giving it a second thought.
The Email: A Deceptive Hook
The attack begins with an email using the display name “Australian Taxation Office,” which is actually sent from a compromised account with the suspicious address careers(at)unitedfirewatchguards(dot)com. The subject line simply reads “New mail In” and the message is designed to trigger urgency and curiosity:
“You have a new message in your inbox. Review Message.”
This message falsely claims to be from the MyGov Online Team and includes a link masked as a message review prompt. Clicking it leads to a fake MyGov-branded login page hosted at a fraudulent domain: assclm(dot)de.
Once the link is clicked, the victim is taken through a multi-stage phishing process:
- Login Page: The first page imitates the MyGov sign-in page, requesting a username and password.
- One-Time Code Request: A prompt appears asking the user to enter an SMS verification code, adding false legitimacy.
- Personal Details Harvesting: Users are then asked to enter their full name, date of birth, address, driver's license number, and credit card details.
- Secondary Code Request: A second SMS code entry form concludes the attack sequence, designed to capture any two-factor authentication code or further identity verification.
Anatomy of the Threat
This scam doesn't rely on technical complexity, but on the psychological manipulation of familiarity and urgency, key tactics in many of today’s targeted phishing campaigns. By simulating trusted ATO communications, and timing the emails to coincide with the busiest time of year for tax returns, the attackers exploit users’ complacency and established habits around accessing secure government services like MyGov.
- Type: Credential harvesting phishing scam
- Sophistication: Basic HTML formatting, no malware attachments, multi-step information harvesting flow
- Attack vector: Deceptive email claiming to be from the ATO/MyGov
- Sender address: careers(at)unitedfirewatchguards(dot)com
Stay Safe - Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
- Aren’t addressed to you personally.
- Are unexpected and urge immediate action.
- Contain poor grammar or miss crucial identifying details.
- Direct you to a suspicious URL that isn’t associated with the genuine company.
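The two technical signs seen in this campaign, a government display name on an unrelated sender domain and a link that leads away from the genuine service, can be checked automatically. The following is an added example, not MailGuard's detection logic; the trusted-domain list is an assumption and the `.example` domains in the constructed samples stand in for the indicators described above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: brand terms to watch for and the domains treated as genuine.
BRAND = re.compile(r"\b(australian taxation office|ato|mygov)\b", re.I)
TRUSTED = ("ato.gov.au", "my.gov.au")

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    findings = []
    # Sign 1: display name claims the brand, address is on an unrelated domain.
    if BRAND.search(display) and not trusted(domain):
        findings.append(f"display-name-mismatch:{domain}")
    # Sign 2: message invokes the brand but its links point somewhere else.
    if BRAND.search(display + " " + body):
        parser = Links()
        parser.feed(body)
        for href in parser.hrefs:
            host = urlparse(href).hostname
            if not trusted(host):
                findings.append(f"offbrand-link:{host}")
    return findings

# Constructed samples; .example domains stand in for the real indicators.
PHISH = ('From: "Australian Taxation Office" <careers@sender.example>\n'
         'Subject: New mail In\nContent-Type: text/html\n\n'
         '<p>You have a new message in your inbox.</p>'
         '<a href="https://landing.example/login">Review Message</a>')
GENUINE = ('From: "myGov" <noreply@my.gov.au>\nContent-Type: text/html\n\n'
           '<a href="https://my.gov.au/">Sign in</a>')
```

Running `check_message(PHISH)` reports both signs, while `check_message(GENUINE)` returns an empty list.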
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One Email Is All That It Takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time 'zero zero-day' email threat detection amplifies our clients' intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.