E-mail scammers have shifted their sights from a staple diet of banks, betting shops and auction sites to government agencies, with the Australian Taxation Office (ATO) calling in Federal Police over a spam deluge that tries to send taxpayers to Trojan-infected Web sites.
An ATO representative confirmed the spam outbreak illegally circulating under the ATO's moniker, saying both the e-mails and associated Web sites were under investigation by both AFP and the tax office's own internal forensics and computer investigations unit.
The ATO also confirmed that some of the scam e-mails directed unwitting recipients to an Australian-hosted Web site, which appears to have since been shifted overseas, thus muddying legal jurisdictions.
The representative added that the ATO would take action to educate customers about the scam and general e-security best practice. The ATO is also removing any embedded links from any outbound ATO e-mails.
In terms of appearance, the e-mail plagiarises the newly standardised Australian Government graphic--clearly lifted from the ATO's own Web material--and invites victims to "View your BAS payment details and activity statement deadlines", courtesy of an embedded link.
The embedded link then redirects users to a free-hosting site, which then attempts to load both a Trojan and a keystroke logger onto the user's machine.
New breed of scams
Unsurprisingly, antispam and antivirus vendors are making fast marketing mileage out of the latest outbreak, with Surf Control claiming to be the first to detect the scam.
Surf Control's Australian managing director Charles Heunemann described the combined spam and Trojan as "very clever", but warned it also represented the first wave of a new breed of e-mail scares targeting the government sector.
"We haven't seen a phishing scam like this before. It's like a war on [Australian domain addresses]. Every single person is a client of the ATO whether they like it or not. They [the phishers] can cast a very wide net," Heunemann said.
"We recommend that users either disable ActiveX or select a high security setting in Internet Explorer," he said.
For their part, government agencies say they have seen similar scams come and go recently. One senior law enforcement source told PC World that even the Australian Federal Police e-mail domain had been spoofed.
"It was headed 'You are being investigated'. We've seen a few of them," the source said.
No comments:
Post a Comment