ATO CIO: Tax phishing sites are 'a fact of life'

ATO CIO: Tax phishing sites are 'a fact of life'

Summary: As a fresh round of phishing spam targets Australian tax payers, the ATO's CIO has warned fake Web sites designed to steal Australian credit card and personal details are "a fact of life".

SHARE:

As a fresh round of phishing spam targets Australian tax payers, the ATO's CIO has warned fake Web sites designed to steal Australian credit card and personal details are "a fact of life".

The latest phishing scam, detected by security company Trend Micro, aims to trick recipients into giving away their details by claiming a tax refund is awaiting them and directing them to a fake version of the ATO Web site.

While the spam message is poorly worded -- signed at the bottom "Regards, Australian Government" -- the fake site used to capture would-be victims' credit card details is almost identical to the authentic one.

The input fields ask for the intended victim's credit card number, expiration date and the CVV code -- the three-digit security code used to authenticate transactions where the cardholder is not present -- as well as secondary identifiers such as birth date, home address and mother's maiden name.

The ATO's CIO Bill Gibson told ZDNet.com.au that the ATO does not send e-mails to its clients regarding tax returns, but added that the problem of fake Web sites has become so common it is "a fact of life" for the tax office.

Fact of life: Fake ATO Web site.

Credit: Verna Sagum, TrendMicro Content Security Team

"We know of sites that masquerade as the ATO's Web site. We know of URLs that look or sound awfully like the ATO or the government and every time we are aware of one, we try to deal with it," said Gibson.

"We don't have control over domain naming standards but where someone is clearly putting up something that is fraudulent we pursue the matter with ISPs as aggressively as we can. For us, it's almost a fact of life that this is out there. It's something you need to be watching for and making sure your users are not affected by," he added.

Topics: Government, Collaboration, Government AU, Malware, Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Education not technology can reduce the impact

    No matter what technology solution is created to deal with scams, the scammers will always outhink them.

    The only thing they can not out think is a person.

    Education of people - even a basic rule - if you think it is suspicious - then is probably is - DELETE IT .

    Scammers work on the lack of education of users to get them to part with information.

    Its simple - if someone is asking you for information you would not want plastered over the front page of every newspaper in the world, every TV in the world and every computer in the world - then don't give it to them.

    There wuill always be another way a genuine request will be able to be handles in person - through a trusted agent etc.

    Its time we stopped barking at CIO's and Technology people and instead focussed on the educators in our society.
    anonymous