Fake Australian Tax Office emails circulating
Today we stopped numerous phishing emails that purport to be from the Australian Tax Office (ATO). The emails claim that the recipient of the email can claim a tax refund. This is a sly social engineering trick to entice users to click on the email link. The emails are, however, fake. There are a number of these types of phishing emails currently circulating.
Figure A is a sample of the email in question. The subject line of the email is “Australian Taxation Office – Get Your Tax Return”, whilst the sender is listed as “ATO”. The email does not use any ATO logos. The email contains a Tax Customer ID number in an attempt to appear authentic. The email also contains the email address of the recipient. Both these details have been blacked out in Figure A.
The email is supposedly from a Barbara DuFrene. In some respects, this email is similar to an email that started up in 2012, also featuring Barbara DuFrene. In both cases, the user is invited to click on a link to receive a tax refund. In this particular sample the refund amount is listed as $587.75 AUD, but the amounts may be varied. The bottom of the email has a copyright message. There are no contact details in the email: no web site, email address or phone number(s).
The main sign that this is a phishing email is the link. Mousing over it shows that it does not lead to an ATO website. Instead, it leads to a phishing site. The purpose of the phishing site is to steal credit card details. The second issue is that there is no salutation, not even a “Dear Customer”. The ATO will always use the name of the recipient in the salutation.
This email is fake and should be deleted immediately.
For further information and several more examples of phishing emails, see the ATO website.
Scott Reeves
MailShark
Free anti-spam service
Free email filter service