New malware scam cites ATO to target Windows users

Fresh email campaign uses recipients' own domains to convince victim of legitimacy

Australian Microsoft Windows users have been targeted by an email scam in which the sender poses as someone who incorrectly received the victim’s information.

In the new scam, revealed by email filtering firm MailGuard, the sender pretends to be forwarding a document from the Australian Taxation Office (ATO) supposedly intended for the end victim. The sender claims to have mistakenly received the victim’s tax information and asks what should be done to solve the problem.

“The fraudster behind the scam poses as a good samaritan, and pretends to do the victim a favour by forwarding a document intended for them, supposedly from the Australian Taxation Office,” said MailGuard CEO Craig McDonald.

One of the reasons why this appeals to the victims is the fact that the sender references the victims' own domains, according to MailGuard.

By asking recipients whether they received a particular document and including a link to it, the email lures them into clicking through to a document loaded with malware.

The scam emails also use a different sender name for every occasion to avoid detection.

Screenshot (MailGuard)

“It uses an original tact: ‘I am contacting you to solve this problem because I have never worked in your company’ in a rarely-seen attempt to deceive,” said McDonald.

Only Microsoft Windows users are able to download the Word document linked in the emails; Mac and Linux users can’t download it. According to MailGuard, the malware payload takes the form of a macro embedded in the document.

This is not the first time the ATO has been used in order to infect Australians’ computers. In February, MailGuard also revealed a “high-risk” malicious batch of emails with the potential to infect computer systems with anything from keylogging spyware to file-encrypting ransomware CryptoLocker.

The ATO advises people who believe they have received a malicious email not to click or open any links, and instead to forward the entire message to

Most recently, accounting software provider MYOB had its brand hijacked in what was reported to be “the biggest scam email influxes” MailGuard detected in the past 12 months.
