Security & Fraud

ATO Scam Email Warning Hits Australia

MailGuard ATO Scam

Cloud web and email security provider MailGuard shared details of a large-scale malicious email scam impacting Australians.

Cybercriminals are sending out emails impersonating the Australian Taxation Office (ATO), putting many computers and email inboxes at risk. According to MailGuard, the email can potentially infect compromised computer systems with anything from keylogging spyware to file-encrypting ransomware CryptoLocker.

Thousands of the malicious messages were sent out Monday morning (Feb. 20).

The emails contain a unique link that MailGuard said makes it difficult for antivirus software to detect the messages as suspicious.

“Purporting to come from the Australian Taxation Office, the message tells recipients their Business Activity Statement (BAS) is available to view,” MailGuard CEO Craig McDonald noted.

“The well-formatted email includes the Australian government coat of arms image sourced from the ATO website. This is an effort by the scammers to add legitimacy to their scam email, in an attempt to bypass filtering software.”

Once the link within the email is clicked, an automatic download of a malicious file housed on a compromised SharePoint site is triggered. The downloaded file is then used to download additional malware, such as CryptoLocker, CryptoWall ransomware or even keyloggers.

MailGuard defines a keylogger as a type of spyware that can watch and record your keystrokes, enabling it to observe what’s written in an email, passwords entered in various sites or any other information entered online.


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The July 2019 Pay Advances: The Gig Economy’s New Normal, a PYMNTS and Mastercard collaboration, examines pay advances – full or partial payments received before an ad hoc job is completed – including how gig workers currently use them and their potential for future adoption.

Click to comment


To Top