Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









ATO Activity Statement Refund Phishing Scam

Outline
Email, purporting to be from the Australian Taxation Office (ATO), claims that the recipient's activity statement refund has been retained due to incorrect or incomplete bank account details and urges him or her to follow a link to update details.



Brief Analysis
The email is not from the ATO. In fact, the message is a phishing scam designed to steal personal and financial information. Those who follow the link will be taken to a bogus website where they will be asked to supply identification and credit card details. All information supplied will be harvested by criminals and used for credit card fraud and identity theft.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:




Scroll down to submit comments
Last updated: 28th December 2010
First published: 28th December 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: SuperUpdate December 2010

Refund retained for incorrect or incomplete bank account details.

We are required to pay your activity statement refunds, including your goods and services tax (GST) refunds, into your nominated financial institution account, unless there is a good reason to refund the amount in a different way (section 8AAZLH of the Taxation Administration Act 1953). This means that we will usually retain your activity statement refunds until you have provided us with your financial institution account details. We will also retain these refunds if your nominated financial institution account details are incorrect or incomplete. Where we require bank account details for the payment of the refund, we will send you a letter asking you to provide these details. Generally, once we have the correct financial institution details, your refund will be automatically issued to you. Please make sure you quote your account details correctly when you apply for your Australian business number (ABN), or when you update your account details. In limited circumstances, where you have made a request, we may pay an activity statement refund to you in a different way. For example, we will pay an activity statement refund by cheque where you hold religious beliefs that preclude the operation of a bank account. We may also pay an activity statement refund into a third party bank account that you have nominated, where the third party has a close legal relationship with you.

Update your account details click here

Regards,
Australian Taxation Office Copyright 2010, Australian Taxation Office



Detailed Analysis
This email, which purports to be from the Australian Taxation Office (ATO), claims that a tax refund owed to the recipient has been retained because the bank account details supplied to the ATO are incorrect or incomplete. The email includes details about why the supposed refund may have been retained and then urges recipients to follow a link, ostensibly in order to update the "incorrect or incomplete" information so that the refund can be processed.

However, the email is not from the ATO and the promised possibility of a tax refund is nothing more than the bait designed to fool recipients into handing over credit card and other personal information. In fact, the message is just one more in a long line of phishing scams that have targeted Australian taxpayers in recent years.

Those who follow the link in the scam email will be taken to a bogus website made to resemble the genuine ATO site. Once on the bogus site, they will be asked to submit details into a fake ATO "search" form, as shown in the following screenshot:

Bogus ATO seach facility

Once they have entered the requested details and clicked the "Search" button, they will be taken to a second fraudulent webpage which lists their supposed refund amount and asks them to provide more information including credit card information and identifying information such as address details and date of birth. The bogus "Refund Status" form claims that, by submitting the requested information, the "refund" can be sent directly to the victim's Visa or Mastercard account. However, all of the information submitted on the fraudulent website will be sent directly to Internet criminals who can then use it to commit credit card fraud and identity theft. A screenshot of the bogus "Refund Status" form is included below:

Bogus ATO refund claim form

This particular phishing scam is a quite sophisticated attempt. The bogus website is rendered professionally and the casual observer would be hard pressed to tell it apart from the genuine ATO website. Moreover, the scammers have copied paragraphs from information about refunds published on the genuine ATO website which includes mention of the Taxation Administration Act, and details pertaining to the ATO's policy on the payment of refunds into designated bank accounts. The inclusion of this information - which is valid and factual in its proper context on the genuine ATO website - may make the phishing scam message seem more believable to some recipients.

That said, there are also telling giveaways that the website and email are not genuine. Firstly, the ATO will never send out unsolicited "refund" emails that ask taxpayers to follow a link and provide sensitive personal and financial information. Secondly, the bogus website is not hosted on a .gov.au website. The official ATO website has the address www.ato.gov.au. Any site that claims to be an official ATO website but does not have an ato.gov.au web address should be treated with suspicion. And, thirdly, the supposed refund forms published on the phishing site are not secure (https:) pages. The ATO or other legitimate organizations would never ask people to submit private personal and financial information on a non secure website. Again, any site that asks for such information via a non secure (https:) page should be treated as highly suspect.

The ATO has repeatedly published warnings about "refund" phishing scams on its website. In fact, phishing scammers have repeatedly used the promise of unexpected tax refunds to trick Australian taxpayers into supplying information. And scammers have used the same ruse to target taxpayers in several other countries as well. In recent years, very similar scams have targeted people living in the United Kingdom, the United States, Canada, South Africa and India as well as Australia.

Internet users should be very cautious of any unsolicited email that claims that they are eligible for a tax refund. If you receive such an email, do not click on any links in the message or open any attachments that it may contain. Do not reply to the email or supply any personal information to its senders either via a web based form or an email attachment.

Bookmark and Share

References
ATO - Where is my refund?
ATO - Online security - Refund scams
Difference Between http & https
Australian Tax Refund Scam Email
HM Revenue & Customs Tax Refund Phishing Scam
IRS Tax Refund Phishing Scam
Department of Finance Phishing Scam
South African Revenue Service Tax Refund Phishing Scam
Indian Department of Revenue Tax Refund Scam
ATO Cut Off Taxes Program Phishing Scam Email



Last updated: 28th December 2010
First published: 28th December 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer