Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Australians Face Tax-Related Scams Spreading Dyre Banking Trojan

Karamjit

By Karamjit
in Security & Privacy News

Recommended Posts

Karamjit

Karamjit

Posted
Posted

Australians cold-called and asked to pay debt over the phone

Fake tax refund notifications reach email inboxes in Australia as citizens are expected to calculate their taxes and send them to the Australian Taxation Office (ATO), with the fiscal year in the country getting closer to an end.

The messages claim large returns and instruct the recipient to download a ZIP archive that is actually the Upatre malware dropper. If launched, it proceeds to install Dyre, a Trojan considered at the moment one of the most dangerous financial malware.

Scams run over email and phone

Once on the compromised system, Dyre monitors the web pages loaded by the victim and can modify them in real time to collect the credentials for logging into the online banking account.

Symantec identified the new campaign and exposed it in a blog post on Sunday. One caught by the security company pretends to be from ATO and advertises a tax refund of over AUD3,500 ($2,680 / €2,400), a sum that is likely not to be ignored by the recipient.

Apart from the email operation, Symantec warns that scammers also target Australians with phone calls, threatening with legal action if alleged debts are not paid over the phone.

“The scammer instructs the recipient to purchase and load money onto prepaid cards from the post office. These scam callers make use of different aliases and at some points, may adopt a threatening demeanor when speaking to taxpayers who do not comply,” Satnam Narang says.

Verifying the legitimacy of the request is one way to stay safe

Although ATO uses multiple means to contact Australians about unpaid taxes, it never asks for payment to be made via prepaid cards and officers would never threaten with prison time or other penalties, forcing a payment on the spot.

Users can contact the agency directly and verify a request received over the email or phone. Attachments from emails should not be opened unless the nature of the matter is known and the message is expected.

Keeping software on the computer up to date (both the operating system and other apps) is another highly recommended practice.

Source

Link to comment
Share on other sites
  • Views 508
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...