Do they really think we’re that stupid?

October 4, 2012

Phishing scams have been around for a long time. Emails supposedly from banks and the like are caught quite well by Outlook (at least, by Outlook 2010), and dropped into the Junk email folder. Outlook also exposes the full URL of a link in these sorts of emails, which means we can see where the link will take us.

For example, this is the email I got a few days ago:

Let me list how many clues there are that this email is a phishing scam:

  • It was identified as Junk by Outlook — a good clue to be wary of its contents.
  • It was sent around the time that many Australians might be about to receive their tax refund, if they are getting one. Another reason to be suspicious. Any Australian who’s ever received a refund from the Australian Tax Office (ATO) knows that they send a cheque with the notice of refund, or deposit the amount directly into your bank account and follow up with a notice of refund, which is printed and MAILED to you via Australia Post. I’ve never known the ATO to send out emails, particularly emails related to tax refunds.
  • ‘You are eligible to receive…’, ‘submit the tax refund request’ — neither of these state that you WILL receive a tax refund. And the ATO NEVER asks you to submit any request other than your official tax return.
  • ‘Allow 6-9 days to process it’ — maybe you’ll have forgotten all about it in 6-9 days so by the time you start to wonder what happened to your ‘request’ (which will no doubt ask you for money), they will have LONG gone with your money. That’s assuming the ‘reply to’ email address is correct, and if it is, that the poor ATO person inundated with ‘Where’s my refund?’ questions can answer you and tell you you’ve been suckered in to a scam.
  • ‘our Taxation Office’ — but isn’t this email supposedly from the ATO? If so, then what’s the ‘our Taxation office’ sentence construction all about?
  • ‘if you are eligible to receive’ — but earlier they told you you ARE eligible to receive a refund. Contradictory information in the one email is a clue that you’re being scammed.
  • ‘contact you by phone or email in 48-96 hours’ — yeah, right. The follow-up email will likely be to tell you where to send the ‘fee’ they will charge for you to access your non-existent refund. And phone? Where did they get your phone number from?
  • ‘access the form for your tax refund’ — again, only your official tax return is used by the ATO to assess any refund you will receive or any payment you have to make, so this is another red flag that this email is not legitimate.
  • ‘Click here’ link is exposed as a site based in the Netherlands that has NOTHING to do with the ATO.
  • ‘Boris DuFrene’ — does Boris really exist? According to a quick Google search, the only Boris DuFrene’s in the world are based in France and there are none associated with the Australian Securities and Investments Commission.
  • ‘Australian Securities & Investments Commission’ — why would a supposed ATO email be signed by someone from ASIC? ASIC and the ATO are both Australian Government agencies, but they are NOT the same. ASIC regulates Australia’s ‘corporate, markets and financial services’, not taxation.
  • The email was sent to an email address that is ONLY on my website and not used by me, which is a sure sign that some sort of crawling bot harvested it.

The sad thing is that some people might receive an email like this and click the link and get conned into revealing their details, including their phone number, address, possibly their bank account or credit card details, or conned into paying a ‘fee’ to release the non-existent money. Even more sadly is that those on limited incomes and with limited knowledge of the internet and these sorts of scams (e.g. old age pensioners), might be tempted by the promise of an amount that will pay a few bills and take the pressure off.

There should be a special place in hell for these scammers.

See also:

[Links last checked October 2012]


  1. Hi, Rhonda, the WSJ recently had an interesting piece arguing that phishing scams may be this obvious on purpose, namely to weed out smart people who will be trouble to scammers:

    “Cormac Herley, a computer scientist at Microsoft Research … [looks] at the situation not from the victim’s point of view but from that of the scammers. Their challenge is to hook only people who will get sucked in deeply enough to send a significant amount of money—the ‘true positives.’ They must minimize the effort they devote to ‘false positives’ (targets who might seem like dupes but are suspicious and/or never pay up).”

    From http://online.wsj.com/article/SB10000872396390443931404577548813973954518.html

  2. Thanks for the link to the article, Kai!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: