Be wary of phishing emails: do not click on links or open attachments
Alert Priority High
9 October 2015
A number of phishing emails are circulating that purport to come from government organisations and claim to be about taxation group certificates, business licences or other important topics. These emails may direct the recipient to open links to web pages or attachments to the message.
You are advised that these messages are fake, and clicking on the link or opening the attachment may expose your computer to malicious software (malware) such as viruses. This malware may capture your bank account details or other sensitive personal information, encrypt your files and demand a ransom for the key to decrypt them, or perform other unwanted activities.
Stay Smart Online has provided alerts in the past about cases where attackers have used the names and brands of legitimate organisations to trick users into opening emails or clicking on links.
Stay Smart Online understands that at least one of the latest phishing emails is extremely convincing and lacks the grammatical and spelling mistakes that have characterised these types of emails in the past.
Stay Smart Online recommends you do not open emails from unknown senders, and that you be wary of unexpected emails. For instance, if you are not expecting a group certificate by email, do not open the email or its attachment out of curiosity. Do not click on any links in an email from a sender you do not recognise, or you do not expect to be sending you an email.
If you are unsure whether an email is legitimate, contact the source (such as your payroll department or the relevant Commonwealth agency) through a contact point that you have independently verified before opening the message.
ACORN provides information on how to recognise and avoid common forms of cybercrime, such as hacking, online scams, online fraud, identity theft, attacks on computer systems and illegal or prohibited content, as well as offering advice to those who have fallen victim.
ACORN makes it easier and more convenient to report cybercrime to a law enforcement agency.