SCAM ALERT: ATO Tax Refund Notification

This morning we, and a number of our clients, received a scam email relating to “TAX REFUND NOTIFICATION” purporting to be from the ATO.

Although mostly well written, this is a SCAM. DO NOT CLICK. DELETE STRAIGHT AWAY!!

How do you know it’s a SCAM?

Number one is to put your mouse over the link (without clicking) and check whether the web address (URL) displayed on the page matches the one shown in the tooltip that pops up. Note that some spam filters will re-write links anyway, so this may not always work if you are using an advanced web address checking service like Proofpoint/Spambrella.

Number two is that “Australian Tax Office” is written with a lowercase “t” and “o”, and there are instances of Americanisation (z’s instead of s’s) in the copy of the text.

Number three is that if it seems too good to be true, it probably is! They are blatantly asking you to click a link and provide sensitive personal information (Driver’s License and Medicare card).
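The hover check from number one can also be run over an email's HTML body. The following is an added example, not part of the original alert: it compares the address shown in each link's text with the host the link really points to, and reports filter-rewritten links separately because the comparison cannot judge those. The rewriter host list and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts used by link-rewriting filters; set this for your own service.
REWRITER_HOSTS = {"urldefense.proofpoint.com", "urldefense.com"}

def host_of(text):  # host of a web-address-like string, else None
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    if not host or "." not in host or " " in text:
        return None
    return host[4:] if host.startswith("www.") else host

def classify(shown, href):
    real, claimed = host_of(href), host_of(shown)
    if real in REWRITER_HOSTS:
        return "rewritten"      # hover shows the filter's address, not the destination
    if claimed is None:
        return "no-url-shown"   # e.g. "Click here": nothing to compare
    same = real == claimed or bool(real) and real.endswith("." + claimed)
    return "match" if same else "MISMATCH"

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            self.findings.append((shown, self.href, classify(shown, self.href)))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
# Constructed sample body; example.net stands in for the scam host.
SAMPLE = """<a href="http://refund.example.net/claim">https://www.ato.gov.au/refund</a>
<a href="https://www.ato.gov.au/">www.ato.gov.au</a>
<a href="https://urldefense.com/v3/__placeholder__">https://www.ato.gov.au/</a>
<a href="http://refund.example.net/claim">Click here</a>"""
```

Calling `audit(SAMPLE)` returns one `(text, href, verdict)` tuple per link. A "match" only means the link text and destination agree, not that the site is genuine.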

What should I do if I clicked the link?

If you clicked the link but didn’t supply any details, you are probably safe – as long as your computer is patched and up-to-date, and all your software is up to date (Chrome, Firefox, etc).

Why isn’t my SPAM filter blocking these emails?

Statistically speaking, over 80% of emails received by individuals are spam, scams or viruses. Whilst modern email filtering solutions do a phenomenal job of filtering out common attacks, cyber criminals are constantly tweaking their campaigns to make them more effective and to avoid detection.

If you are getting a handful of emails through each day, you’re actually doing pretty well.

