The Australian Taxation Office (ATO) has issued a warning against a phishing e-mail currently in circulation that claims to be from the tax office.
The e-mail fraudulently uses the ATO logo and comes with the words 'Australian Taxation Office - Please Read' in the subject line.
Claiming to offer a refund from the ATO, the message asks users to click on a link that redirects to a fraudulent Web site. (see screenshot)
According to IT management software vendor CA, the phisher has made no attempt to obfuscate the Web site's true URL. Three variants of the phishing Web site have been reported so far, with one using a URL registered in the Netherlands, and others using a French URL.
The phishing site is not known to contain any malicious software, but it purports to be from the ATO and asks users for credit card and personal details. (see screenshot)
"Once a user has clicked on a link inside the spammed email, it might not be immediately obvious to the user that they have landed on a password-stealing site," said Chris Thomas, Security Solution Strategist at CA Pacific.
While CA has not yet published any figures on the extent of the attack, Thomas does not believe that it has occurred on a large scale.
The ATO's Second Commissioner, Greg Farr, said the department has notified relevant authorities, who are investigating the matter.
"People should be wary of unsolicited emails claiming to be from the Tax Office," he said.
"The Tax Office will never send out e-mails to taxpayers asking them to provide personal information including credit card details."
CA's Thomas said: "Users should always check where links provided in an email actually lead to. In this case, do not click on any links that are in emails that seem to be sent from the ATO."
Recipients of the phishing e-mail are advised to delete it immediately. People who have entered their credit card information on the website are advised to contact their credit card provider as soon as possible and report a possible compromise.
More information is available from CA's security advisory.