Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 160 - August, 2013 (2nd Edition) - Page 9

ATO Tax Refund Malware Emails

Issue 160 Start Menu

Previous Article            Next Article

Email purporting to be from the Australian Taxation Office (ATO) claims that the recipient is eligible for a tax refund and should open an attached .zip file containing a Microsoft Word document for further details.

Keyboard with Tax Refund Button

© Illia Uriadnikov

Brief Analysis
The message is not from the ATO and the tax refund claims are untrue. The attached .zip file contains a trojan that can steal personal and financial information from the infected computer. Be wary of any unsolicited email from your tax office that claims you can receive a refund by opening an attachment or clicking a link. This is a very common scammer ploy.

Bookmark and Share

Australian Taxation Office


After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 0676.14 AUD.

For more details please follow the steps bellow :

- Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided.
- Select the location into which you want to download the file and choose Save.
- Open the file Microsoft Word file to view the details.

Myra English,
Tax Refund Department
Australian Taxation Office

Attachment Names:
ato_tax_(email address).zip contains ATO_TAX_(number).exe

Detailed Analysis

This message, which claims to be from the Australian Taxation Office (ATO), informs recipients that they are eligible for a tax refund. To learn more about the unexpected windfall, recipients are instructed to open an attached file to review a Microsoft Word document.

However, the email is not from the ATO and the attachment contains a file significantly more sinister than a Microsoft Word document. Of course, there is no tax refund. The promise of a refund is just the bait used to entice people into opening the attachment without due care.

Those who fall for the ruse and proceed to unzip the attachment will be presented with a .exe file. If they then click the .exe file, they will install a trojan on their computer. Once installed, this trojan can download other malware programs, collect personal and financial information from the infected computer and send the stolen information to the criminals operating the malware attack.

Criminals regularly use fake tax refund emails as a means of stealing personal and financial information. Many versions are direct phishing scams that try to trick users into filling in bogus forms, ostensibly to allow processing of the tax refund. Typically, these scam emails ask for banking and credit card details along with other personal information.

The version discussed here takes a different tack by tricking people into installing malware. However, like the direct phishing versions, the attack is designed to allow criminals to steal personal and financial information that they may subsequently use to commit bank and credit card fraud and steal the identities of victims.

Be wary of any unsolicited email purporting to be from the tax office in your country that claims that you can get an unexpected refund by opening an attached file or clicking a link. Your tax office will not ask you to provide sensitive personal information in this manner.

Bookmark and Share

Last updated: August 8, 2013
First published: August 8, 2013
By Brett M. Christensen
About Hoax-Slayer

IRS Tax Refund Phishing Scam
Australian Tax Refund Scam Email

Previous Article            Next Article

Issue 160 Start Menu

Pages in this issue:
  1. Hoax - 'Lawful Interception Recovery Fee' on AT&T Bill
  2. Cell Phone Photos Privacy Risk Warning
  3. Mars, Earth - Closest Approach in Recorded History
  4. Deaths From Free Perfume Samples Hoax
  5. Image of Dog Heads On Supermarket Shelf
  6. Has Sylvester Stallone Announced That He Has Surrendered His Life To Christ?
  7. 'Unclaimed Tesco Voucher' Phishing Scam
  8. Is Facebook Removing A Picture Depicting A Breast Cancer Survivor's Tattooed Chest?
  9. ATO Tax Refund Malware Emails
  10. Facebook Message Warns Cutest Baby Comp Images Being Used on Sex Slave Site
  11. Kidnapped Hakken Boys Are Now Home Safe and Well
  12. Message Warns Of Requests for Photos Of Babies With Nappies Open
  13. Six Flags Free Season Tickets Like-Farming Scam
  14. Boob Melons Hoax - 'Vietnamese Gourd or Pumpkin' Images
  15. Faux Images - Mermaid Skeleton
  16. A 'Yes' Vote in an Upcoming Australian Referendum Will NOT Result in Sharia Law Being Implemented
  17. Bank of America 'Transaction is Completed' Malware Emails
  18. WhatsApp 'Servers Really Full' Hoax
  19. Nichole Morgan Friend Request Hacker Hoax
  20. BT Yahoo! Mail 'Classic Version Closing' Phishing Scam
  21. X Factor Australia Like Farming Scam
  22. Giant Rabbit Photographs
  23. Costco Voucher Giveaway Like-Farming and Survey Scam