3 September 2013

Cyber criminals are taking advantage of the looming deadline for filing tax returns to target Australians with malware-carrying emails purporting to be from the Australian Taxation Office (ATO).

Security firm Bitdefender reported the detection of three email spam campaigns in late July and early August that saw up to 10,000 spam emails sent on 6 August. This surpassed the 3,000 messages sent on 23 July and the 5,000 messages sent on 15 July.

“This sort of malicious outbreak is expected to continue heavier and more targeted as the tax time approaches its deadline in October,” a Bitdefender advisory warned. “Attackers hope their targets are too concerned with their financial duties to double check the sender’s address and discover the con.”

If your system is infected by the malware in these messages, private data such as passwords and logins for financial institutions can be stolen and distributed to cyber criminals who will exploit it for financial gain.

If your computer becomes infected, not only can personal information be stolen, but malware may force the computer to join a global ‘botnet’ that uses thousands of slave computers to distribute further malware-laden emails—or it might take part in distributed denial of service (DDoS) attacks. Among other things, this can seriously reduce the effective speed of a home Internet connection.

Many examples of tax time scams come as unsolicited emails purporting to be from the ATO.

One of the most common spam emails has a subject line ‘Australian Taxation Office – Refund Notification’, with body text including ‘TAX REFUND NOTIFICATION’. It instructs you to open an attachment called ‘ATO_TAX_pokeefe.zip’ or similar. The attachment is typically malware.

Another recent example of spam has a subject line reading ‘New information regarding lodgement’ and suggests that the ATO has been attempting to refund a payment to “the credit card we have on file.” Recipients are advised to log into an ‘e-portal’ to receive the refund manually, and that “during the payment process you will be given the opportunity to update the credit card that is on record.”

The ATO is well aware of such scam emails and advises that it will never ask for such information via email: “We can only calculate tax refunds after you have reported information to us about your financial activity for the year,” an ATO advisory says. “Based on that information, we automatically pay any refund due into your nominated bank account or send you a cheque. Any email that requests additional information before a refund can be released is a hoax.”

If you receive a message like this, do not under any circumstances open the attachment. Delete the message immediately. Never open attachments that arrive with these sorts of messages.
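The indicators in the two spam examples above can also be checked automatically before a message reaches an inbox. The following is an added example, not code from the ATO, Bitdefender or Stay Smart Online; the function names, the sample messages and the assumption that genuine ATO mail comes from `ato.gov.au` are illustrative.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators quoted in this alert; ATO_DOMAIN is an assumption (not on the page).
SUBJECT_LURES = ("refund notification", "new information regarding lodgement")
BODY_LURES = ("tax refund notification", "update the credit card", "e-portal")
ATTACHMENT_RE = re.compile(r"^ATO_TAX_.*\.zip$", re.IGNORECASE)  # 'or similar'
ATO_DOMAIN = "ato.gov.au"


def ato_scam_indicators(raw_message: str) -> list[str]:
    """Return which of the alert's indicators a raw e-mail message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    subject = str(msg["Subject"] or "").lower()
    if any(lure in subject for lure in SUBJECT_LURES):
        hits.append("subject")
    display, address = parseaddr(str(msg["From"] or ""))
    domain = address.rpartition("@")[2].lower()
    genuine = domain == ATO_DOMAIN or domain.endswith("." + ATO_DOMAIN)
    # Display name claims the ATO, but the address belongs to another domain.
    # A matching domain proves nothing on its own: From headers can be forged.
    if "taxation office" in display.lower() and not genuine:
        hits.append("sender-mismatch")
    for part in msg.walk():
        filename = part.get_filename() or ""
        if ATTACHMENT_RE.match(filename):
            hits.append("attachment")
        elif part.get_content_type() == "text/plain" and not part.is_attachment():
            if any(lure in part.get_content().lower() for lure in BODY_LURES):
                hits.append("body")
    return hits


def constructed_sample(sender: str, subject: str, body: str, attachment: str = "") -> str:
    """Build a harmless test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    spam = constructed_sample("Australian Taxation Office <refunds@mail.example>",
                              "Australian Taxation Office – Refund Notification",
                              "TAX REFUND NOTIFICATION\nSee attached.", "ATO_TAX_pokeefe.zip")
    print(ato_scam_indicators(spam))
```

A message that matches any of these indicators is a candidate for quarantine rather than delivery; an empty result does not mean a message is safe.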

One recently-reported tax scam included attached malware from the Fareit family, which steals passwords and login data from infected systems. The malware then connects to another centralised computer over the Internet, submitting the captured information for exploitation and potentially loading other malware.

More information

Bitdefender’s warning.

Information about Fareit malware.

ATO Online Security page.

Stay Smart Online also offers information on scams and hoaxes.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] dbcde.gov.au
Web: www.staysmartonline.gov.au

© 2013 Australian Government. All rights reserved
