Those spammers have been busy. In addition to its Facebook warning, web security company Symantec has now issued a warning about fake emails claiming to come from the Australian Taxation Office.
Symantec recently observed a fresh round of phishing scams targeting the Australian Taxation Office (ATO). Cybercriminals are distributing emails that falsely claim to be from the ATO and offer online tax refunds. The emails bear the tax office logo and lure consumers into visiting the phishing link to complete the fake tax refund request. Some phishing links direct Australians to a fake tax refund form, requiring them to input details such as their Tax File Number, credit card number and ATM PIN.
If a consumer completes the form and presses the ‘print’ button, these details are quickly submitted to the cybercriminals.
Online fraudsters are getting smarter and more sophisticated when it comes to executing their scams as consumers are becoming more aware and educated about phishing tactics. For example, rather than asking intended victims to respond by email, which many know not to do, this particular scam asks intended victims to supply their details and print off a form, even providing a mailing address so that the form can be processed.
To help protect personal information, Symantec recommends the following:
1. Always be cautious about any messages from within a website or that appear to be sent by a website. If a user clicks on a link, double-check the actual domain that is shown at the top of the page. It’s best practice to type the Web address directly into your address bar rather than rely upon links from a message.
2. Maintain an up-to-date browser and operating system. Use security software and check out web safety services, where a community of web users collaborate to report dangerous phishing and malware sites.
3. Double-check you’ve arrived at the correct destination. When clicking over to the ATO (or any site), make a habit of looking at what appears in the address line. You might not always be able to spot a fake site, but in the case of this particular scam, it’s obviously not www.ato.gov.au.
4. Be suspicious of requests to enter your account name and password.
5. Don’t click on suspicious links or email attachments.
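
The domain check from items 1 and 3 can be automated, for example in a mail filter. The sketch below is an added example, not part of the original article or Symantec's advice. It assumes that ato.gov.au and its subdomains are the only legitimate hosts and that the real site is served over HTTPS; the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the page names www.ato.gov.au as the real site, so ato.gov.au
# and its subdomains are treated as legitimate here.
TRUSTED_DOMAIN = "ato.gov.au"

def link_host(url):
    """Return the host a browser would connect to, or None if unusable."""
    if "\\" in url:              # browsers and parsers disagree on backslashes
        return None
    try:
        parts = urlsplit(url.strip())
    except ValueError:           # malformed authority, e.g. broken IPv6 literal
        return None
    if parts.scheme != "https":  # assumption: the real form is served over HTTPS only
        return None
    host = parts.hostname        # drops any "user@" prefix and ":port" suffix
    return host.rstrip(".").lower() if host else None

def is_ato_link(url):
    """True only when the host is ato.gov.au itself or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def suspicious_links(urls):
    """Return the links that do not lead to the trusted domain."""
    return [u for u in urls if not is_ato_link(u)]

# Constructed sample links (not taken from the actual scam emails).
SAMPLE_LINKS = [
    "https://www.ato.gov.au/refund",
    "https://www.ato.gov.au.refund-claims.example/form",
    "https://www.ato.gov.au@refund-claims.example/form",
    "https://my-ato.gov.au.example/",
    "http://www.ato.gov.au/refund",
]

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_LINKS):
        print("do not trust:", link)
```

The comparison is made on the whole host name, so a link that merely begins with or contains "www.ato.gov.au" is still flagged.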