For the first time in 20+ years in IT I fell for a scam. I actually clicked on a link in a scam email. Malwarebytes saved me (it is awesome – see why here), but that was the first time I have ever clicked on a scam email link.
In my defence, it was the best scam email I have ever seen. No Nigerian astronauts. No fake invoices. This was an almost exact copy of a real email – plus it was sent to the correct email address for my ATO correspondence (it’s one I rarely use), and it was sent at the right time of year. It is almost identical to the real one sent by the Australian Taxation Office.
Here is the scam email (it is an image, so there is no danger – no live links):
[Image: Fake ATO Activity Statement Notification Scam Email]
And below is what the legitimate email from the ATO looks like:
Pretty similar, hey?
There were two telltales that I missed:
In the fake email it says “Your next activity statement are now available”. It should be “statements are” or “statement is”. When English isn’t your first language, our pluralisation rules are tough. Every single scam email I have ever seen has grammatical errors. They copied and pasted most of the rest of the email, so I didn’t see any other errors.
The email address looked legit, but it had one little added part:
The part to notice here is the “via sendgrid.net”. That means they are relaying the email, and thus it is not really from firstname.lastname@example.org (which is a real address).
That was a very close call. And I like to think I know what I am doing.
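The “via sendgrid.net” label can be checked directly in the raw message headers. This is an added example, not part of the original post: it assumes the mail client shows “via” when the Return-Path or DKIM signing domain differs from the visible From domain, and the sample message and all addresses in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the real scam email; every address is a placeholder.
SAMPLE = """\
Return-Path: <bounces+12345@sendgrid.net>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;
 s=selector1; h=from:subject; bh=AAAA; b=BBBB
From: "Example Agency" <firstname.lastname@example.org>
To: me@example.net
Subject: Your activity statement

(body omitted)
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified relaxed alignment: same domain, or one is a subdomain of the
    other. (Real DMARC compares organizational domains via the Public Suffix List.)"""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def relay_mismatches(raw):
    """Return (From domain, [(header, domain), ...]) for every envelope or
    signing domain that does not line up with the visible From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    findings = []
    rp = domain_of(msg.get("Return-Path"))
    if rp and not aligned(rp, from_dom):
        findings.append(("Return-Path", rp))
    for sig in msg.get_all("DKIM-Signature", []):
        # Unfold the header, then pull out the d= (signing domain) tag.
        tag = re.search(r"(?:^|;)d=([^;]+)", re.sub(r"\s+", "", sig))
        if tag and not aligned(tag.group(1).lower(), from_dom):
            findings.append(("DKIM-Signature d=", tag.group(1).lower()))
    return from_dom, findings

if __name__ == "__main__":
    from_dom, findings = relay_mismatches(SAMPLE)
    print("From domain:", from_dom)
    for header, dom in findings:
        print(f"  {header} is {dom}: not aligned with From")
```

A mismatch is a signal to look closer, not proof of fraud, because legitimate senders also relay mail through third-party services.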
But Wait, There’s More
Then I checked the rest of my emails and found another one (again I have put this here as an image, so no unsafe links):
[Image: Fake ASIC Company Business Name Renewal Letter Email Scam]
The only error I see in this is a missing space between “link” and “remain” in the third sentence.
Again the scammers used a convincing looking email return address:
Which again has the “via sendgrid.net”.
And again, this was sent to me, and I did have a business name due for renewal. This is public info, so I don’t think ASIC has been hacked.
The scammers are getting better.
Be alert! Warn your friends. And get Malwarebytes.