“Official Tax Declaration” Email Links to Malware

Outline:
“Official Notification” email claims that the Department of Finance of Australia in collaboration with the Australia Revenue Agency has discovered that your 2016 tax declaration appeared to be imprecise and you currently have an outstanding tax debt as a result. The email instructs you to click a link to download a “Tax Declaration” and then take the document to the nearest CRA/DFC office within 21 days.




Brief Analysis:
The email is not from any Australian government department. In fact, there is no tax-related Australian Government entity called the “Australia Revenue Agency”.  Nor is it from the Australian Taxation Office (ATO) as suggested by the stolen logo featured in the message.

The bogus email is designed to trick you into downloading and installing malware.  If you click the “Download Tax Declaration” link, a .zip file will be downloaded to your computer. The .zip file contains a JavaScript (.js) file.

If the ,js file is opened, it can then download and install malware on your computer.

The malware that is installed will often be ransomware. Ransomware encrypts the files on your computer and then demands that you pay a fee to online criminals to receive the decryption key. Or, the malware may be designed to steal sensitive information such as banking passwords from the infected computer.

Fake tax agency emails are commonly used to distribute malware. If you receive such an email, do not click any links or open any attachments that it contains.



Example:
Subject: OFFICIAL NOTIFICATION REGARDING YOUR TAX DECLARATION

Dear resident [Name Removed],

The Department of Finance of Australia in collaboration with Australia Revenue Agency has been performing checks of tax declarations regarding the fiscal year 2016. Your tax declaration appeared to be imprecise. As a result, you currently have an outstanding tax debt which shall be either justified or serviced.Kindly bring with you a printed copy of the attached document, a copy of your revenue declaration 2016 and your ID card/passport. To learn more about this procedure please download attached declaration:”DOWNLOAD TAX DECLARATION”Please make sure you visit the nearest CRA/DFC office within 21 days following the receipt of this notification.
Bring with you your ID and a copy of the attached document containing unique ID of your case.

Tax Declaration Malware Email




Last updated: December 20, 2016
First published: December 20, 2016
By Brett M. Christensen
About Hoax-Slayer

References
ATO “Incoming Fax Report” Malware Email
Fake ATO “Online Activity Statement” Email Links To Malware