Do they really think we’re that stupid?
October 4, 2012
Phishing scams have been around for a long time. Emails supposedly from banks and the like are caught quite well by Outlook (at least, by Outlook 2010), and dropped into the Junk email folder. Outlook also exposes the full URL of a link in these sorts of emails, which means we can see where the link will take us.
For example, this is the email I got a few days ago:
Let me list how many clues there are that this email is a phishing scam:
- It was identified as Junk by Outlook — a good clue to be wary of its contents.
- It was sent around the time that many Australians might be about to receive their tax refund, if they are getting one. Another reason to be suspicious. Any Australian who’s ever received a refund from the Australian Tax Office (ATO) knows that they send a cheque with the notice of refund, or deposit the amount directly into your bank account and follow up with a notice of refund, which is printed and MAILED to you via Australia Post. I’ve never known the ATO to send out emails, particularly emails related to tax refunds.
- ‘You are eligible to receive…’, ‘submit the tax refund request’ — neither of these states that you WILL receive a tax refund. And the ATO NEVER asks you to submit any request other than your official tax return.
- ‘Allow 6-9 days to process it’ — maybe you’ll have forgotten all about it in 6-9 days so by the time you start to wonder what happened to your ‘request’ (which will no doubt ask you for money), they will have LONG gone with your money. That’s assuming the ‘reply to’ email address is correct, and if it is, that the poor ATO person inundated with ‘Where’s my refund?’ questions can answer you and tell you you’ve been suckered into a scam.
- ‘our Taxation Office’ — but isn’t this email supposedly from the ATO? If so, then what’s the ‘our Taxation office’ sentence construction all about?
- ‘if you are eligible to receive’ — but earlier they told you you ARE eligible to receive a refund. Contradictory information in the one email is a clue that you’re being scammed.
- ‘contact you by phone or email in 48-96 hours’ — yeah, right. The follow-up email will likely be to tell you where to send the ‘fee’ they will charge for you to access your non-existent refund. And phone? Where did they get your phone number from?
- ‘access the form for your tax refund’ — again, only your official tax return is used by the ATO to assess any refund you will receive or any payment you have to make, so this is another red flag that this email is not legitimate.
- ‘Click here’ link is exposed as a site based in the Netherlands that has NOTHING to do with the ATO.
- ‘Boris DuFrene’ — does Boris really exist? According to a quick Google search, the only Boris DuFrenes in the world are based in France and there are none associated with the Australian Securities and Investments Commission.
- ‘Australian Securities & Investments Commission’ — why would a supposed ATO email be signed by someone from ASIC? ASIC and the ATO are both Australian Government agencies, but they are NOT the same. ASIC regulates Australia’s ‘corporate, markets and financial services’, not taxation.
- The email was sent to an email address that is ONLY on my website and not used by me, which is a sure sign that some sort of crawling bot harvested it.
The sad thing is that some people might receive an email like this and click the link and get conned into revealing their details, including their phone number, address, possibly their bank account or credit card details, or conned into paying a ‘fee’ to release the non-existent money. Even sadder is that those on limited incomes and with limited knowledge of the internet and these sorts of scams (e.g. old age pensioners) might be tempted by the promise of an amount that will pay a few bills and take the pressure off.
There should be a special place in hell for these scammers.
- Media release about this scam from ASIC:
- Search results for ‘scams’ at the ATO website, with lots of warnings:
- Information about scams and how to avoid them from ASIC:
[Links last checked October 2012]