ATO warns of myGov scam campaign
The ATO has warned Australians to be on the alert for an SMS and email phishing campaign targeting myGov users.
Attackers are sending spoof email and SMS disguised as legitimate ATO and myGov SMS messages that include shortened links leading to compromised domains hosting pages designed to skim login details.
The ATO advised that no legitimate email or SMS notifications from myGov will include a link to log in to a user’s myGov account. The agency is also advising myGov users to make their accounts more secure by adding two-factor identification over SMS.
“All online management of your personal tax affairs should be done in ATO online services, accessed through your genuine myGov account,” the advisory states.
“Any communications containing your personal information, such as your tax file number (TFN), will be sent to your myGov inbox, not your email account.”
Suspected fraudulent SMS or emails can be sent to reportemailfraud@ato.gov.au.
Cloud security company Mimecast announced that its threat intelligence team has confirmed that a combination of COVID-19 and ATO-themed phishing campaigns commenced early this month.
“The Mimecast Threat Intelligence team observed a series of malicious sending addresses and Australian government-themed phishing pages, many of which appear worryingly legitimate,” the company said in a statement.
Spoof addresses used in the campaign include australiantaxaionofficegov@webmailalerts.com, atogov@webmailalerts.com and australiataxationoffice@secureadminemail.com.
Australian law enforcement agency adopts DroneShield technology
An Australian law enforcement agency has selected Droneshield's counter-drone solutions under...
Workato completes IRAP assessment
Enterprise orchestration platform Workato has been assessed as suitable for handling Australian...
Australian Human Rights Commission discovers data leak
The Australian Human Rights Commission has announced a data breach concerning attachments...