ATO Scam Email Warning Hits Australia

MailGuard ATO Scam

Cloud web and email security provider MailGuard shared details of a large-scale malicious email scam impacting Australians.

Cybercriminals are sending out emails impersonating the Australian Taxation Office (ATO), putting many computers and email inboxes at risk. According to MailGuard, the email can potentially infect compromised computer systems with anything from keylogging spyware to file-encrypting ransomware CryptoLocker.

Thousands of the malicious messages were sent out Monday morning (Feb. 20).

The emails contain a unique link that MailGuard said makes it difficult for antivirus software to detect the messages as suspicious.

“Purporting to come from the Australian Taxation Office, the message tells recipients their Business Activity Statement (BAS) is available to view,” MailGuard CEO Craig McDonald noted.

“The well-formatted email includes the Australian government coat of arms image sourced from the ATO website. This is an effort by the scammers to add legitimacy to their scam email, in an attempt to bypass filtering software.”

Once the link within the email is clicked, an automatic download of a malicious file housed on a compromised SharePoint site is triggered. The downloaded file is then used to download additional malware, such as CryptoLocker, CryptoWall ransomware or even keyloggers.

MailGuard defines a keylogger as a type of spyware that can watch and record your keystrokes, enabling it to observe what’s written in an email, passwords entered in various sites or any other information entered online.