Symantec warns SMEs against tax-related phishing scams

Businesses are being hit with extremely sophisticated phishing attacks appearing to come from the Australian Taxation Office, promising to increase the value of their tax returns, security group Symantec warns.

Informing staff to be vigilant when checking emails and ignoring anything other than official ATO correspondence are just some of the methods businesses must use to ensure their networks remain safe during tax time.

Symantec principal systems engineer Adrian Covich says these attacks are becoming more sophisticated, and are more difficult to distinguish from official ATO emails.

“We are seeing an increase in the number of ATO-based claims. We saw a number of them last year, and the same will happen again. We also saw an increase in the number of claims in the US and Britain as well.”

“These attacks are not obvious anymore. They have become quite complex, and the best way to be on guard against them is to know that you’re not going to get any sort of solicitation from the tax office directly. You should always be suspicious.”

Covich says these emails will often promote early tax returns, and a number of the messages ask small businesses to update their tax details. They will often use official ATO graphics, and pull different fonts and other visual elements from real ATO emails to make the deception appear even more authentic.

“A lot of this is really topical, because it’s how spammers and phishing campaigns work. We’ve seen a fair bit of World Cup stuff, and now because tax returns are on people’s minds, we’re seeing a lot more activity around this.”

Additionally, Covich says small businesses are specifically being targeted because of their inadequate security. Many SMEs don’t have IT departments and lack the technology needed to screen these emails.

“Don’t think that because you’re a small company you’re not a target. Many small businesses fall into the idea that because they’re not a BHP or an ANZ, they won’t be targeted, but that couldn’t be further from the truth. Home PCs and small businesses are seen as good targets.”

But SMEs don’t need the latest, most expensive security screening software to stay safe. Covich says that most reputable security systems will do a good job of screening out spam.

“Firstly, you need to make sure the filtering software is up to date. Always use a reputable filter, because free isn’t always best. Also, check the service level agreement you have with your provider, and make sure you’re being blocked from everything.”

“You also need to inform staff about these emails, because you don’t want them opening emails and then making you part of a botnet.”

Ultimately, he says, prevention is the best cure. Don’t open anything unless you know it’s specifically from the ATO and have confirmed any correspondence as genuine.

“You need to be on guard against this sort of stuff, and the best way to do that is to always be suspicious. Assume everything is a phishing scam unless you know for sure it has been sent by the ATO.”
