This following email, appearing to be from the Australian Taxation Office, is titled ‘ATO Refund Status’.
This email includes an attached HTML file, titled TaxReturn.htm. If you click this, the phishing website is copied to a temporary directory on your computer and loads into your internet browser.
This is where the sophistication of the scam becomes apparent.
If you accidentally click the attachment, you are then sent to an official-looking ATO page, complete with logo and references to the still-relevant Taxation Administration Act 1953.
If unaware, the recipient (hopefully not you) begins to fill out the fields above, then more fields begin to appear. The Questions become more probing & personal, as you progress through the form, asking for details like:
- Email address and password
- Date of birth
- Credit card number, expiry date, credit limit and funds available
- Bank name, customer number and phone password
- Bank security questions and answers
Cleverly, the fields are dynamic and any attempts to input fake email addresses or credit card numbers are immediately met with an error message.
Those who fill out the form and click ‘Submit’ are advised that their identity is being confirmed.
Finally, a confirmation page advises you their information is being processed and that their tax return is imminent.
Instead, your private information is being transferred into the hands of criminals.
To reduce the risk of being tricked by one of these scams, you should immediately report and delete any emails that:
- Appear to be from a well-known organization, typically a bank or service provider, and are not addressed to you by name and/or may include poor grammar
- Ask you to click on a link within the email body in order to access their website or download suspicious files. If unsure call the company directly and ask whether the email is legitimate
- Offer money, reward or gift to entice you to hand over your personal details
- Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place
The Australian Tax Office website shares advice on how to verify and report scams impersonating the ATO.
This information has been shared from the following website: http://www.mailguard.com.au/blog/breaking-fake-ato-phishing-scam-use-tax-return-to-lure-victims