Australians have been urged to stay alert against an uptick in the volume of tax-themed scams as cybercriminals eye the upcoming tax season.
International cybersecurity firm Proofpoint on Monday revealed that “threat actors” are already attempting to scam Australians with emails purportedly from the Australian Tax Office (ATO).
Its analysis of the attacks found scammers were targeting workers in the manufacturing, IT and technology sectors, with a goal of tricking victims into handing over their credentials.
In one example, scammers used ATO branding in an email promising a tax refund.
The scam email reads:
“After the last annual tax calculation of your fiscal activity, you are eligible to receive a tax refund claim of 219.47 AUD. To access your tax refund, please Click Here.”
However, the URL within the email directs the user to a fake myGov authentication page designed to steal user credentials.
Proofpoint also warned about another scam it observed which also promised tax refunds. This scam saw victims sent emails with subject lines including:
Tax Invoice 2101996
Tax Invoice 2101321
Victims who opened the attachments would find Microsoft Excel documents that would download ransomware onto the computer.
Ransomware is a form of malware that threatens victims with publication of their data or will block access to it unless a ransom is paid.
“Tax season is a popular time for threat actors to conduct email-based attack campaigns designed to steal sensitive information for financial gain,” Proofpoint said.
It said people should be trained in how to spot and report malicious emails, calling on companies to carry out simulated attacks and to also invest in software that blocks inbound threats.
If you’re concerned you’ve been targeted by a tax scam, you can report it to the ATO on 1800 008 540.