Phishing E-mail Supposedly from ATO Promises Tax Refund
Cyber-criminals possibly are still launching spam campaigns spoofing ATO (Australian Taxation Office) this season by distributing fake e-mails, which assure unwitting consumers that they're eligible for a tax refund. Softpedia.com published this dated January 31, 2012.
Posing as a message from ATO, the phishing electronic mail exhibits an alluring caption: "Tax Refund Notification." Its message body states that following the computation of the recipient's last fiscal transactions, the tax office has determined that he's entitled for getting an Australian Dollar 254.33 worth tax refund. The message then requests the recipient to apply for the refund as also let the agency 6 to 9 days for processing.
Furthermore, the e-mail delineates the steps the user should follow for acquiring his tax re-imbursement. These are: taking down the Tax Re-imbursement e-form given as e-mail attachment; viewing that e-form inside a web-browser; and complying with the instructions. Additionally, the message informs that there maybe a delay in the refund if invalid records are submitted alternatively, the application is submitted beyond the deadline.
Meanwhile, if anyone views the attachment, he would find one very crafty form asking for personal information like name, address, birth date, city name, its postal code, card number along with verification number and expiry data, as well as sort code. Eventually, these details, when submitted, will all go to a United States-based Web-server, explain the security experts.
Notably, according to the repeated and regular suggestion by Australian financial institutions, the above e-mail fraud similar to several others of the kind, which prompt recipients to follow a given web-link and feed in personal data, must be strictly avoided.
In fact, the security specialists state that ATO won't ever request users to send any fees in order to get a refund. Further, it won't even send e-mail soliciting the recipient's secret information like credit card number or password.
Hence, the specialists recommend that users mustn't ever give away sensitive info particularly credit card information as a way of answering an e-mail. For, genuine financial institutions won't ever dispatch such notifications in the wake of numerous fraud attempts that have occurred in the past.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 07-02-2012