New technique used in ATO phishing attacks

Peter Dinham
Monday, 13 July 2009 14:37

Business IT - Security

Spammers have employed a new technique in their phishing attacks on the Australian Taxation Office website in an attempt to snatch tax refund details from users of the site doing their tax return online.

In the phishing scam, described by Symantec as technically ‘very nifty, the intended victims were asked to supply details and print a form which, when completed, was to be sent to the mailing address to process the tax refund.

According to Symantec in its latest phishing report, if someone completed the form and clicked on the "print" button, what actually happened was that the confidential information was sent to a server utilising the fraud domain. (iTWire readers were warned of this phishing ploy in June.)
      
Symantec says in the scam it observed the new technique being used by scammers at the close of the financial year, with most of the phishing attacks traced back to compromised Web servers hosted in Germany and Australia.

However, “fortunately the Australian Taxation Office took serious note of the phishing attacks and worked diligently to gain control over it,” Symantec says.

In its report, Symantec also says it observed that in June 62 percent of all attacks around the world were from unique phishing Web sites, which included more than 208 targeted known brands. In the Asia Pacific region, including Australia, Symantec observed an overall increase of 21 per cent in phishing attacks in comparison to May.

Worldwide, Symantec reports that the unique attacks increased by 27 percent from the previous month, with the increase likely to be a result of phishers evading the phishing mitigation tactics of several web hosting companies to their benefit, and partially attributed to an overall increase in the volume of phishing activity in June.

CONTINUED page 2