Debunking hoaxes and exposing scams since 2003!





Jump To: Example    Detailed Analysis   Comments   References

ATO Tax Refund Malware Emails


Jump To: Example    Detailed Analysis   Comments   References

Outline

Email purporting to be from the Australian Taxation Office (ATO) claims that the recipient is eligible for a tax refund and should open an attached .zip file for further details.

Tax Refubd Malware
©Depositphotos.com/Illia Uriadnikov



Brief Analysis

The message is not from the ATO and the tax refund claims are untrue. The attached .zip file contains a trojan that can steal personal and financial information from the infected computer. Be wary of any unsolicited email from your tax office that claims you can receive a refund by opening an attachment or clicking a link. This is a very common scammer ploy.

   

Share







Bookmark and Share





related Links

Related Links

Identity theft is one of the fastest growing crimes in the world. Learn how to stay safe online with Hoax-Slayer's comprehensive eBook:




Example

Subject: Australian Taxation Office - Refund Notification

MPORTANT NOTIFICATION

Australian Taxation Office - 19/03/2015

After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 2382.38 AUD.

For more details please follow the steps bellow :
- Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided.
- Select the location into which you want to download the file and choose Save.
- Unzip the attached file.

Matthew [Surname Removed],
Tax Refund Department
Australian Taxation Office

Attachment Names:
ATO_TAX_004715581.zip contains ATO_TAX_004715581.exe

Australian Taxation Office
TAX REFUND NOTIFICATION

After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 0676.14 AUD.

For more details please follow the steps bellow :
- Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided.
- Select the location into which you want to download the file and choose Save.
- Open the file Microsoft Word file to view the details.

Myra [Surname Removed],
Tax Refund Department
Australian Taxation Office

Attachment Names:
ato_tax_(email address).zip contains ATO_TAX_(number).exe



Detailed Analysis

This message, which claims to be from the Australian Taxation Office (ATO), informs recipients that they are eligible for a tax refund. To learn more about the unexpected windfall, recipients are instructed to open an attached file to review a tax document.

However, the email is not from the ATO. Of course, there is no tax refund. The promise of a refund is just the bait used to entice people into opening the attachment without due care.

Those who fall for the ruse and proceed to unzip the attachment will be presented with a .exe file. If they then click the .exe file, they will install a trojan on their computer. Once installed, this trojan can download other malware programs, collect personal and financial information from the infected computer and send the stolen information to the criminals operating the malware attack.

Criminals regularly use fake tax refund emails as a means of stealing personal and financial information. Many versions are direct phishing scams that try to trick users into filling in bogus forms, ostensibly to allow processing of the tax refund. Typically, these scam emails ask for banking and credit card details along with other personal information.

The version discussed here takes a different tack by tricking people into installing malware. However, like the direct phishing versions, the attack is designed to allow criminals to steal personal and financial information that they may subsequently use to commit bank and credit card fraud and steal the identities of victims.

Be wary of any unsolicited email purporting to be from the tax office in your country that claims that you can get an unexpected refund by opening an attached file or clicking a link. Your tax office will not ask you to provide sensitive personal information in this manner.

Beware Malware


Last updated: March 19, 2015
First published: August 8, 2013
By Brett M. Christensen
About Hoax-Slayer

References
IRS Tax Refund Phishing Scam
Australian Tax Refund Scam Email




Latest Hoax-Slayer Articles



More stories!

'Internet Capacity Warning' Phishing Scam
According to this email, which claims to be from the 'Support Department' at 'Information Technology Services', your internet capacity is 70% full and you therefore need to contact support to avoid problems.
Published: July 6, 2015


Kroger 'Free Coupons' Survey Scam
Message being distributed across Facebook claims that users can receive free coupons from American retailer Kroger just by sharing a message and visiting a third party website to claim their prize.
Published: June 16, 2015


Pointless Facebook Warning - Hackers Posting Insulting Messages or Sexual Content In Your Name
'Hacker' alert messages circulating on Facebook claim that, without your knowledge, hackers are posting insulting or sexual messages that appear to come from you onto your Facebook Timeline.
Published: June 3, 2015