ATO 'Multiple Password Failures' Phishing Scam Email
OutlineEmail purporting to be from the Australian Taxation Office (ATO) claims that a security check discovered multiple failed login attempts and you are therefore required to reconfirm your account information within 48 hours.
© Depositphotos.com/ weerapat
Brief AnalysisThe email is not from the ATO. It is a phishing scam designed to trick you into giving your personal and financial data to Internet criminals.
Scroll down to read a detailed analysis with references.
Subject: Invoice: (AA-LL-ML-04L2)
For optimal viewing of the Australian Taxation Office Web site, we recommend that you enable CSS.
We at Australian Taxation Office work hard to ensure the security of our clients,In carrying out our responsibility,We recently had cause to suspect that there has been attempts to log into your account, There were multiple password failures during the course of the illegal attempt to log into your account. Though the attempts were unsuccessfull We need you to re-confirm your account information by filling in your precise and current account information. If this is not completed within the next 48hrs, we will be forced to suspend your account indefinitely.
To re-confirm, Please Sign on and verify your identity: Sign On
Australian Taxation Office helps you to plan your financial future.
Thank you for helping us protect your account
'ATO' Email Warns of Failed Login Attempts
The message claims that multiple password failures were logged. It explains that, although the attempts to illegally access your account were unsuccessful, you are still required to sign into your account and verify your identity.
It warns that, if you do not click the link and revalidate within 48 hours, your account will be suspended indefinitely.
Email is Not From the ATO - Phishing Scam
If you click the 'Sign On' link in the email, you will be taken to a webpage that is designed to resemble the genuine ATO website.
Once on the fake site, you will be asked to login and then fill in an online 'validation' form that asks for your address and contact details, your tax file number, and other identifying data. The fake form may also ask for your credit card number and other financial information.
Criminals can then collect all of the information submitted on the fake site. The stolen data can be used to access your ATO account, steal your identity and commit financial fraud in your name.
An increasing number of people are accessing the ATO's services online so at least a few recipients may believe these scam emails to be genuine and comply with the instructions.
Beware of Unsolicited Messages from Your Tax Department
Again, the bogus form is designed to steal sensitive personal and financial data from recipients.
Be wary of any unsolicited email or text message purporting to be from your country's tax agency that claims that you must provide personal information by clicking a link or opening an attachment. Your tax agency is very unlikely to request personal or financial information in this way.
If you use online tax services, always login to your account by entering the address in your browser rather than by clicking a link in a message.
© Depositphotos.com/ nickylarson
Last updated: July 30, 2014
First published: July 30, 2014
By Brett M. Christensen