Scamwatch round-up – ATO, Microsoft OneDrive and St George

Scamwatch round-up – ATO, Microsoft OneDrive and St George

The phishing scams targeting Australians this week

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, the Australian Taxation Office (ATO), Microsoft OneDrive and St George were among the brands used by digital scammers.

Email filtering company Mailguard picked up a fake email purporting to be from the Australian Taxation Office (ATO) on 28 May.

The "warning document" was a phishing scam. The message contained a link which led recipients to a page designed to look like a real ATO page.

The online scammers were using the page to gain recipients login details.

On the same day, Mailguard also identified a fake OneDrive email in another phishing scam. This scam was also designed to collect recipients' login details.

A fake MYOB notification email with the intent to collect Microsoft users' account details was also picked up.

A link within the message would take recipients to a fake login page in an attempt to harvest recipients' details.

On 29 May, Mailguard identified a fake invoice email being sent from different senders. The simply designed message had a link to what is supposed to be either an invoice or a receipt but Mailguard believes the messages were infected with malware.

The latest scam identified was a fake infringement notice being sent from several different email accounts.

The vendor also noticed that there were variations on the basic email format with different fine amounts and “officer names".

The link within the emails points recipients to an archive file which is infected with JavaScript malware.

On 31 May, Mailguard spotted an email using St George bank's name and branding in what seemed to be a scam to acquire recipients' bank login details.

The message said that irregular activities had been detected on the recipients' credit card and the account was being temporarily suspended.

After recipients were taken to a fake webpage and entered their login details further phishing pages were presented to the recipient in an attempt to harvest email address and phone number.

"The extensive data demanded by these phishing pages would enable the scammers behind this attack to execute sophisticated identity theft fraud," Mailguard wrote in a blog post.    

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags ATOst george bankOneDrive

Show Comments