Researchers warn of fake ATO emails carrying ransomware

23 February 2017

Researchers are warning of a widely distributed email that claims to be from the Australian Taxation Office but actually aims to infect computers with malicious software.

The researchers say the malicious email tries to trick recipients by claiming their Business Activity Statements (BAS) are available to view, and includes a link that claims to enable recipients to download their BAS. The ATO advises that BAS statements are not provided by email.

Recipients who click on the link automatically download a file that itself downloads malicious software such as ransomware (a type of software that extorts money from victims by preventing access to their computer or files) or keyloggers (software that records every keystroke made on a computer to capture passwords and other sensitive information), the researchers say.

The individuals who created the email have incorporated logos and branding from the Australian Taxation Office to make the message appear legitimate. The sender email address “Basnotification[at]ato.gov.au” also appears to be legitimate.

Staying safe

If you receive the email, you should report it to the Australian Competition and Consumer Commission's SCAMWatch website.

Stay Smart Online recommends any users who are unsure about whether an email is legitimate should contact the organisation, department or individual that the message purports to come from, using a number independently located on a website, phonebook or bill.

People whose computers have been infected by ransomware should restore the affected files from backups and update their systems. Stay Smart Online has information about how to do this, and we recommend people seek technical advice if they are unsure about next steps.

Stay Smart Online recommends against paying any ransom demanded to decrypt files. There is no guarantee the attackers will provide a working decryption tool, and victims who pay are not protected against future attacks.

You should also keep your anti-virus software up to date to protect your computer against infection.

The Australian Taxation Office says people who believe they have been the victim of a tax-related scam can call 1800 008 540 (8.00am–6.00pm, Monday to Friday) for assistance. They can report suspected tax-related email scams to the ATO by forwarding the email to ReportEmailFraud[at]ato.gov.au.

The online security page on the ATO website also includes information about how people can protect themselves online. This page includes details of current ATO SMS and email communications.

If you think that your Tax File Number or any other tax information has been compromised or used by an unauthorised person, you should call the ATO's Identity Support Centre on 1800 467 033 (8.00am–6.00pm, Monday to Friday).

More information

Stay Smart Online has information about protecting your computer.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.