18 July 2013

New phishing campaigns carry malware

A number of new phishing emails carrying malware have been identified in the recent days. The emails pretend to come from a number of Australian institutions including the Australian Tax Office (ATO), the Commonwealth Bank, National Australia Bank (NAB) and Telstra. Others have also been identified mimicking MMS messages.

Current examples of the ATO phishing messages appear to be sent from payroll provider ADP, and may include malware attached as a .zip file (currently ATO_TAX_16072013.zip). The banking examples have included malware attached as SecureMessage.zip.

An example of the ATO phishing email is below:

---------- Forwarded message ----------
Date: Mon, 15 Jul 2013 15:35:42 -0800
From: payroll.invoices @adp com
Subject: Australian Taxation Office - Refund Notification

Australian Taxation Office


After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 6731.76 AUD.

For more details please follow the steps bellow :

- Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided.
- Select the location into which you want to download the file and choose Save.
- Open the file Microsoft Word file to view the details.

Sonny Stout,
Tax Refund Department
Australian Taxation Office

At the time of writing, many security products are not identifying the attachment correctly as malware, meaning that if you open the attachment, a Trojan will attempt to install on your computer.

Detection rates are improving quickly as more security vendors add this malware definition to their products; in the meantime, your computer may be vulnerable.

If you receive this email, simply delete it. Do not respond or open the attachment.

Avoid phishing emails

Always be suspicious of unsolicited emails.

Do not click links or open attachments unless you are confident about the sender and information the email contains. The best advice is to simply delete the email.

If you are uncertain about the origin of any email you can always cross check the information by going independently to the company or source’s website or by calling them directly.

More information

Read Stay Smart Online’s advice about avoiding phishing and advice about spam.

Information provided by Telstra’s Chief Security Specialist, Scott McIntyre.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved

Connect with Stay Smart Online