Australians beware: Scammers are impersonating the Australian Taxation Office 

Jun 28, 2015 07:08 AM

Contributor: Nolan Kent

It’s nearly the end of the fiscal year in Australia, which means it is almost time to prepare those tax returns. Scammers are acutely aware of this fact and have already launched malicious spam campaigns and telephone scams claiming to be from the Australian Taxation Office (ATO).

Figure. Malicious spam email claiming to be from the Australian Taxation Office

Malicious spam campaign
We have observed a number of malicious spam emails sent to Australians claiming to be a refund notification from the ATO. The emails note that the recipient is eligible for a refund, and in order to receive it they need to download a ZIP attachment and launch the file within it.

Symantec products detect the file inside of the ZIP attachment as Downloader.Upatre. Upatre is a Trojan horse that downloads additional malicious software onto the compromised computer.

In this case, Upatre downloads Infostealer.Dyre, which has become one of the most popular financial fraud tools currently in operation. Knowing this, it’s clear that the scammers behind this campaign are looking to harvest financial account information from Australian citizens. You can learn more about the Dyre financial Trojan’s rise and the dangers associated with it in our blog and technical paper.
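One way a mail filter could flag the delivery pattern described above, a ZIP attachment holding a file the recipient is told to launch. This is an added example, not code from the original post or from Symantec; the extension list, the function names and the sample message are constructed assumptions.

```python
import io
import posixpath
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy: file types that run when double-clicked on Windows.
LAUNCHABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def launchable_zip_members(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for each launchable file in a ZIP attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Trust the bytes, not the declared MIME type or attachment name.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = info.filename.rstrip(". ")  # Windows ignores trailing dots/spaces
                    if posixpath.splitext(member)[1].lower() in LAUNCHABLE:
                        hits.append((name, info.filename))
        except zipfile.BadZipFile:
            hits.append((name, "(corrupt or unreadable archive)"))
    return hits


def build_sample() -> bytes:
    """Constructed test message: a ZIP holding harmless text named like a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("refund_form.scr", b"constructed placeholder, not a program")
        zf.writestr("readme.txt", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"] = "refunds@example.invalid"
    msg["Subject"] = "Refund notification"
    msg.set_content("You are eligible for a refund. Open the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="refund.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in launchable_zip_members(build_sample()):
        print(f"flag: {attachment} contains {member}")
```

A filter like this only narrows what needs review; it does not replace the endpoint detection the post describes.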

Telephone-based scams
In addition to malicious spam campaigns, hundreds of complaints have been lodged with the ATO about telephone-based scams targeting Australian citizens.

Instead of the refund-based approach that the malicious spam emails have taken, people have reported receiving phone calls threatening legal action unless they pay their tax debt over the telephone. The scammer instructs the recipient to purchase and load money onto prepaid cards from the post office. These scam callers make use of different aliases and may, at some points, adopt a threatening demeanor when speaking to taxpayers who do not comply.

Four tips for staying safe this tax season
It’s always wise to remember that scammers are opportunists and tax season is a time of the year that is universally considered a hotbed for malicious and scam-related activity. When preparing to file your tax returns this year and every year, follow these four tips.

  1. Be cautious of emails, SMSes and phone calls claiming to be from the Australian Taxation Office (ATO). The ATO may use letters, email, phone calls, or SMS to contact you for a number of reasons, including to remind you of a payment that is due. The ATO will never request personal information or credit card details via email. The ATO may phone you, but it will never threaten the taxpayer with jail time or ask for the tax debt to be loaded onto a prepaid card.
  2. If you’re not sure about the validity of any communication from the ATO, call them on 13 28 61. If you receive a phone call from someone claiming to be from the ATO, take down their information and call the ATO’s office to validate their identity and their request. You can also report suspected scam emails by forwarding them to ReportEmailFraud@ato.gov.au.
  3. Use security software on your computer. This is the first line of defense against attempts by criminals to steal or compromise your personal information.
  4. Be sure your computer is fully patched and up-to-date. Apply all patches for your operating system and any third-party applications. This will ensure that your computer isn’t at risk of being exploited in a malicious spam campaign that uses known software vulnerabilities.

Protection
Symantec and Norton products detect the threats discussed in this blog as Downloader.Upatre and Infostealer.Dyre.
