Gone phishing

I arrived in the office this morning, as I do most days, to a mountain of new emails to play with for the next couple of hours. Whilst I don’t usually share the details of these on a public medium (for obvious reasons), there was one today that I thought was worth detailing for you all. A timely reminder, if nothing else.

One client received an email over the weekend, apparently from “<individuals@ato.gov.au>” with an official-looking signature. The email mentions that the tax office have recalculated her refund and there is an amount of around $568 owing to her. It provides an official-looking link, which when followed is supposed to provide a form where the recipient can complete the blanks and post back to the tax office.

Had the site worked – and thankfully, it has been disabled – the form would have asked for her bank account details including PIN, or credit card details including the three digit security code. When clicking the print button, it would actually send the information electronically as well.

This, clearly, would not have ended happily.

I know that most of you reading this will be savvy enough to know what is going on by this point, but the lovely client who forwarded the email on to me only did so to ask why the form was broken and what the next step should be to get her additional refund.

Michael D’Ascenzo, the Commissioner of Taxation, has commented on these types of things before, saying that anyone receiving such an email should delete it immediately; “The Tax Office never sends emails asking people to provide personal information including credit card details. People should always be wary of unsolicited emails claiming to be from the Tax Office.”

It helps to bare in mind that should the tax office want your bank account details, they just need to ask the bank. If you don’t believe that the bank can provide such details… try not paying a tax bill and see what happens next 😉