Warnings to bin ATO scam email with malware-filled zip file

SmartCompany, January 18, 2018

Businesses are being warned to trash emails purporting to be from the “revenue collection agency”, with a new scam impersonating the Australian Taxation Office landing in inboxes right as staff come back on deck for 2018.

MailGuard uncovered the fake message, which uses ATO letterhead, yesterday.

The messages include a simple hyperlink to a “tax form”, which recipients are asked to follow to fill in their tax details by a designated date.

It’s far from the first time the tax office has been impersonated by scammers, with the ATO previously warning that Australians have lost millions to tax scams as the number of fraudsters looking to cash in on taxpayers has increased over the past two years.

In a blog post, MailGuard reminds taxpayers never to open a message claiming from a reputable source if it doesn’t address you by name.

When recipients click on the most recent ATO scam email, a download begins on a malware-containing zip archive.

Email recipients should also be wary of any email purporting to be from a service provider like the ATO that urges them to act quickly or issues an urgent request to click a link, MailGuard says.

The brandjacking scam comes as security experts warn cybercriminals are using more and more sophisticated scams to gain access to company’s systems.

The Australian Small Business and Family Enterprise Ombudsman (ASBFEO) has also launched a cybersecurity checklist this month, urging businesses to train staff in how to prevent malicious software and cyber attacks, as well as what to do when one hits.

“If you think an attack has happened, tell staff and tell the authorities,” the ombudsman’s office urges.

When contacted by SmartCompany, the ATO highlighted Australians should keep all their tax and personal data secure and not hand these over when requested by emails purporting to be from the tax office.

The ATO keeps an alerts list of scam activity on its website.