For the first time in 20+ years in IT I fell for a scam. I actually clicked on a link in a scam email. Malwarebytes saved me (it is awesome – see why here), but that was the first time I have ever clicked on a scam email link.
In my defence, it was the best scam email I have ever seen. No Nigerian astronauts. No fake invoices. This was an almost exact copy of a real email – plus it was sent to the correct email address for my ATO correspondence (it’s one I rarely use), and it was sent at the right time of year. It is almost identical to the real one sent by the Australian Taxation Office.
Here is the scam email (it is an image, so there is no danger – no live links):
Fake ATO Activity Statement Notification Scam Email
And below is what the legitimate email from the ATO looks like:
Pretty similar hey?
There were two tell-tales that I missed:
Grammar
In the fake email it says “Your next activity statement are now available”. It should be “statements are” or “statement is”. When English isn’t your first language, our pluralisation rules are tough. Every single scam email I have ever seen has grammatical errors. They copied and pasted most of the rest of the email, so I didn’t see any other errors.
Email Address
The email address looked legit, but it had one little added part:
The part to notice here is the “via sendgrid.net”. That means the email was sent through a third-party mail service (SendGrid) rather than the ATO’s own mail servers, and thus it is not really from basnotification@ato.gov.au (which is a real address, which is what makes the fake so convincing).
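The “via” note is the mail client’s way of saying that the domain that actually handed over the message (the envelope sender, the relay or the DKIM signing domain) is not the domain shown in the From line. The same check can be done on raw headers. The script below is an added example, not from the original post or from the ATO; the two header sets are constructed to model the scam and a legitimate message, and the header names and domain values in them are assumptions, not copies of real mail.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: visible From is the real ATO address, but the message
# was handed over by a third-party relay (the condition shown as "via").
SCAM_SAMPLE = """\
From: Australian Taxation Office <basnotification@ato.gov.au>
Sender: bounces+12345@sendgrid.net
Return-Path: <bounces+12345@sendgrid.net>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=sendgrid.net; dkim=pass header.d=sendgrid.net
Subject: Your next activity statement are now available

Your next activity statement are now available.
"""

# Constructed sample: every domain involved is the From domain or a subdomain of it.
LEGIT_SAMPLE = """\
From: Australian Taxation Office <basnotification@ato.gov.au>
Return-Path: <bounce@mail.ato.gov.au>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=mail.ato.gov.au; dkim=pass header.d=ato.gov.au
Subject: Your next activity statement is now available

Your next activity statement is now available.
"""


def _domain(header_value):
    """Lower-cased domain part of an address header, or '' if the header is absent."""
    if not header_value:
        return ""
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()


def _dkim_domain(auth_results):
    """Signing domain from an Authentication-Results header, or '' if none passed."""
    if not auth_results:
        return ""
    match = re.search(r"dkim=pass\s+header\.d=([\w.-]+)", str(auth_results))
    return match.group(1).lower() if match else ""


def check_sender_alignment(raw_message):
    """Compare the visible From domain with the domains that actually sent the mail.

    'aligned' is False when any relay/envelope/signing domain is neither the
    From domain nor a subdomain of it, which is what a client surfaces as
    'via <relay>'. A sender relaying through a service it does not own will
    not be aligned even though the From address itself is a real one.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = _domain(msg.get("From"))
    relay_domains = {
        d for d in (
            _domain(msg.get("Return-Path")),
            _domain(msg.get("Sender")),
            _dkim_domain(msg.get("Authentication-Results")),
        ) if d
    }
    aligned = bool(from_domain) and all(
        d == from_domain or d.endswith("." + from_domain) for d in relay_domains
    )
    return {
        "from_domain": from_domain,
        "relay_domains": sorted(relay_domains),
        "aligned": aligned,
    }


if __name__ == "__main__":
    for label, sample in (("scam", SCAM_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, check_sender_alignment(sample))
```

Treat a non-aligned result as a prompt to look harder, not as proof of fraud: plenty of real organisations send through bulk-mail services, which is exactly why the scammers’ choice of relay did not look out of place. The stronger signal is that the organisation’s own legitimate mail, when you compare it, is aligned and theirs is not.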
That was a very close call. And I like to think I know what I am doing.
But Wait, There’s More
Then I checked the rest of my emails and found another one (again I have put this here as an image, so no unsafe links):
Fake ASIC Company Business Name Renewal Letter Email Scam
The only error I see in this is a missing space between “link” and “remain” in the third sentence.
Again the scammers used a convincing looking email return address:
Which again has the “via sendgrid.net”.
And again, this was sent to me, and I did have a business name due for renewal. This is public info, so I don’t think ASIC has been hacked.
The scammers are getting better.
Here’s an article I have written about how to stay safe from scams.
Be alert! Warn your friends. And get Malwarebytes.
I got a spam email recently.
I didn’t fall for it, but I think that I was close to falling. And I think that many people will fall for this one.
I had not long logged into my my.gov.au account when the email arrived. So that was good timing on their part! Then I read the email a bit closer and, as you said in your article, the grammar is usually not quite correct. This had one small mistake.
Then I re-read the email address. It hadn’t come from xxx@my.gov.au – it had come from xxx@my.gov.com.au!
So sneaky!
Yeah, I got some spam email at an email address I used exclusively for ASIC; nobody else had it; most likely the ASIC database was hacked or on-sold. They denied it, as expected.