Debunking hoaxes and exposing scams since 2003!





Jump To: Example    Detailed Analysis   Comments   References

ATO Tax Refund Malware Emails


Jump To: Example    Detailed Analysis   Comments   References

Outline

Email purporting to be from the Australian Taxation Office (ATO) claims that the recipient is eligible for a tax refund and should open an attached .zip file for further details.

Tax Refubd Malware
©Depositphotos.com/Illia Uriadnikov



Brief Analysis

The message is not from the ATO and the tax refund claims are untrue. The attached .zip file contains a trojan that can steal personal and financial information from the infected computer. Be wary of any unsolicited email from your tax office that claims you can receive a refund by opening an attachment or clicking a link. This is a very common scammer ploy.

   

Share







Bookmark and Share





related Links

Related Links

What's New   Top Ten   Special Features   Subscribe


Example

Subject: Australian Taxation Office - Refund Notification

MPORTANT NOTIFICATION

Australian Taxation Office - 19/03/2015

After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 2382.38 AUD.

For more details please follow the steps bellow :
- Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided.
- Select the location into which you want to download the file and choose Save.
- Unzip the attached file.

Matthew [Surname Removed],
Tax Refund Department
Australian Taxation Office

Attachment Names:
ATO_TAX_004715581.zip contains ATO_TAX_004715581.exe

Australian Taxation Office
TAX REFUND NOTIFICATION

After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 0676.14 AUD.

For more details please follow the steps bellow :
- Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided.
- Select the location into which you want to download the file and choose Save.
- Open the file Microsoft Word file to view the details.

Myra [Surname Removed],
Tax Refund Department
Australian Taxation Office

Attachment Names:
ato_tax_(email address).zip contains ATO_TAX_(number).exe



Detailed Analysis

This message, which claims to be from the Australian Taxation Office (ATO), informs recipients that they are eligible for a tax refund. To learn more about the unexpected windfall, recipients are instructed to open an attached file to review a tax document.

However, the email is not from the ATO. Of course, there is no tax refund. The promise of a refund is just the bait used to entice people into opening the attachment without due care.

Those who fall for the ruse and proceed to unzip the attachment will be presented with a .exe file. If they then click the .exe file, they will install a trojan on their computer. Once installed, this trojan can download other malware programs, collect personal and financial information from the infected computer and send the stolen information to the criminals operating the malware attack.

Criminals regularly use fake tax refund emails as a means of stealing personal and financial information. Many versions are direct phishing scams that try to trick users into filling in bogus forms, ostensibly to allow processing of the tax refund. Typically, these scam emails ask for banking and credit card details along with other personal information.

The version discussed here takes a different tack by tricking people into installing malware. However, like the direct phishing versions, the attack is designed to allow criminals to steal personal and financial information that they may subsequently use to commit bank and credit card fraud and steal the identities of victims.

Be wary of any unsolicited email purporting to be from the tax office in your country that claims that you can get an unexpected refund by opening an attached file or clicking a link. Your tax office will not ask you to provide sensitive personal information in this manner.



Beware Malware


Last updated: March 19, 2015
First published: August 8, 2013
By Brett M. Christensen
About Hoax-Slayer

References
IRS Tax Refund Phishing Scam
Australian Tax Refund Scam Email




Latest Hoax-Slayer Articles



More stories!

Giant Snake on Digging Machine Image
Circulating message claims that an attached photograph depicts a massive 700 lb snake hanging on the boom of a digging machine. According to the message, the snake was pulled from a lake in Proctor, North Carolina.
Updated: Feb 20, 2015


Fake Pothole Speed Control Device Photographs
Message claims that attached photographs show a new speed control tactic that consists of laying very realistic looking fake pothole stickers on the roadway.
Updated: March 19, 2015


HOAX - 'Cosmic Rays Entering Earth From Mars'
Circulating message warns that potentially dangerous cosmic rays will be entering the Earth from Mars between 10:30 pm and 3:30 am tonight and users should switch off their mobile devices.
Updated: March 10, 2015