Spammers Lure Australian Users with Tax Refund

 Analysis by: Francis Allen Alindogan

Subject: Australian Taxation Office - Refund

Tax season is one of the most used social engineering lure by cybercriminals. US Tax season, in particular, have been a favorite target of spammers in the past. However, tax seasons in other regions are not completely of the hook.

We received email samples of an email purportedly from the Australian government. The email promises a tax refund for recipients, which make it appealing. It also contains the official logo of the Australian government, which might further convince users that the email is legitimate.

Users are then asked to complete the attached file to complete the application. Unfortunately, the attached is a malware detected as HTML_PHISHER.USH. This malware redirects users to a webpage that asks for certain information, which the malware gathers and sends to a specific URL.

For better protection, users must always double-check the email they receive. Make sure to do your research and check the Australian Government website or other credible site.
  • PATTERN:9914