F-Secure: Filing E-Tax Has Its Own Risks
Security services company, F-Secure Corporation, has warned tax payers in Australia to be highly cautious of phishing attacks while filing their taxes online with the Australian Taxation Office (ATO). This is because malware activity happens to peak at the end of the financial year (2008) and already targeting several US tax payers.
With the increasing popularity of online services offered by ATO, taxpayers happen to be a lucrative prey for cyber criminals. Security Analysts at F-Secure expect a steep rise in spam emails that would lead tax payers to phishing sites and lure them into revealing their credit card numbers and other financial details by promising an early tax refund.
In fact, the attacks could even be more conning by installing trojans that would come as a hidden file with bogus emails and redirect to malicious Websites. The Trojan would then forward confidential personal and financial information to the cyber criminal, without knowledge of unsuspecting user.
If critical information like the tax file number, bank account details, date of birth, phone number, postal address, and salary information reaches the cyber criminal, then the tax payer is easily exposed to identify theft. By employing another tactic, cyber crooks can distribute malware disguising it as a security certificate sent by the ATO.
Wing Fei Chia, Security Response Team Manager at F-Secure's Security Labs, said that though the ATO takes safeguard measures like providing a security certificate prior to lodging one's tax refund online, it has been found in other countries like the US that cyber criminals succeed in innovating exploits despite sophisticated security measures, as reported by LinuxWorld on June 19, 2008.
Fei Chia, therefore, suggested tax payers that they need to be extra cautious when any e-mail comes, no matter how authentic it looks and urges them for a security certificate update.
In the US equivalent to the ATO, the IRS (Internal Revenue Service) was recently subjected to cyber fraud. E-mails, seemed to be from the IRS departments, directed many tax payers to a fake e-tax lodging form, while others offered tempting cash rewards for participating in online surveys.
Related article: F-Secure Alerts against Bogus Windows Update Sites
» SPAMfighter News - 05-07-2008