
“Official Tax Declaration” Email Links to Malware

by Brett M. Christensen

Outline:
“Official Notification” email claims that the Department of Finance of Australia in collaboration with the Australia Revenue Agency has discovered that your 2016 tax declaration appeared to be imprecise and you currently have an outstanding tax debt as a result. The email instructs you to click a link to download a “Tax Declaration” and then take the document to the nearest CRA/DFC office within 21 days.


Brief Analysis:
The email is not from any Australian government department. In fact, there is no tax-related Australian Government entity called the “Australia Revenue Agency”.  Nor is it from the Australian Taxation Office (ATO) as suggested by the stolen logo featured in the message.

The bogus email is designed to trick you into downloading and installing malware.  If you click the “Download Tax Declaration” link, a .zip file will be downloaded to your computer. The .zip file contains a JavaScript (.js) file.

If the .js file is opened, it can then download and install malware on your computer.
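
A mail gateway or help desk can check a downloaded archive for the delivery pattern described above (a .zip whose contents include a .js file) before anyone opens it. The following Python is an added example, not part of the original article; the extension lists, function names and sample file names are assumptions made for the illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs as scripts on double-click (assumed list for this example).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Document-style extensions often used as a decoy in front of the real one (assumed list).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def flag_script_members(zip_bytes):
    """Return (member name, reason) pairs for script files found inside a .zip."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable zip file")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTENSIONS:
                continue
            reason = "script file ({})".format(suffixes[-1])
            # "notice.pdf.js" is displayed as "notice.pdf" when Windows hides extensions.
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
                reason += " behind a decoy document extension"
            findings.append((info.filename, reason))
    return findings


def build_sample_zip(names):
    """Build an in-memory zip with harmless placeholder content (constructed sample)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, "placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    # Constructed file names; no real sample from the campaign is used here.
    sample = build_sample_zip(["Tax_Declaration.js", "readme.txt", "notice.pdf.JS"])
    for name, reason in flag_script_members(sample):
        print(name, "->", reason)
```

The check reads only the archive's file listing, so nothing inside the .zip is extracted or executed.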

The malware that is installed will often be ransomware. Ransomware encrypts the files on your computer and then demands that you pay a fee to online criminals to receive the decryption key. Or, the malware may be designed to steal sensitive information such as banking passwords from the infected computer.

Fake tax agency emails are commonly used to distribute malware. If you receive such an email, do not click any links or open any attachments that it contains.

Example:
Subject: OFFICIAL NOTIFICATION REGARDING YOUR TAX DECLARATION

Dear resident [Name Removed],

The Department of Finance of Australia in collaboration with Australia Revenue Agency has been performing checks of tax declarations regarding the fiscal year 2016. Your tax declaration appeared to be imprecise. As a result, you currently have an outstanding tax debt which shall be either justified or serviced.

Kindly bring with you a printed copy of the attached document, a copy of your revenue declaration 2016 and your ID card/passport. To learn more about this procedure please download attached declaration:

“DOWNLOAD TAX DECLARATION”

Please make sure you visit the nearest CRA/DFC office within 21 days following the receipt of this notification.
Bring with you your ID and a copy of the attached document containing unique ID of your case.




Last updated: December 20, 2016
First published: December 20, 2016




