Security Market Segment LS


JUser: :_load: Unable to load user with ID: 66
Monday, 13 July 2009 14:37

New technique used in ATO phishing attacks

Spammers have employed a new technique in their phishing attacks on the Australian Taxation Office website in an attempt to snatch tax refund details from users of the site doing their tax return online.

In the phishing scam, described by Symantec as technically ‘very nifty, the intended victims were asked to supply details and print a form which, when completed, was to be sent to the mailing address to process the tax refund.

According to Symantec in its latest phishing report, if someone completed the form and clicked on the "print" button, what actually happened was that the confidential information was sent to a server utilising the fraud domain. (iTWire readers were warned of this phishing ploy in June.)
Symantec says in the scam it observed the new technique being used by scammers at the close of the financial year, with most of the phishing attacks traced back to compromised Web servers hosted in Germany and Australia.

However, “fortunately the Australian Taxation Office took serious note of the phishing attacks and worked diligently to gain control over it,” Symantec says.

In its report, Symantec also says it observed that in June 62 percent of all attacks around the world were from unique phishing Web sites, which included more than 208 targeted known brands. In the Asia Pacific region, including Australia, Symantec observed an overall increase of 21 per cent in phishing attacks in comparison to May.

Worldwide, Symantec reports that the unique attacks increased by 27 percent from the previous month, with the increase likely to be a result of phishers evading the phishing mitigation tactics of several web hosting companies to their benefit, and partially attributed to an overall increase in the volume of phishing activity in June.


According to Symantec it also observed that 38 percent of phishing URLs in the month of June were generated using phishing toolkits, with the number of toolkit attacks increasing by nine percent, including a sudden increase in toolkit attacks during the last week of June primarily targeting the information services sectors.
The rise in toolkit attacks, says Symantec, was primarily the resurgence in phishers targeting a social networking site popular mainly in the United States, following hot on the heels of the recent phishing attacks in May targeting another popular social networking site, Facebook, “which was successfully curbed by the team at Facebook.”

Symantec says “this particular toolkit attack is most likely related to a specific Command & Control server being reactivated,” further adding that “these attacks play a significant part in populating and updating underground economy servers with stolen personal data, marketed in the maturing underground economy.”

According to Symantec, a total of 1,503 phishing sites were hosted in 92 countries, amounting to an increase of approximately 21 percent of IP attacks in June in comparison to the previous month.

The report reveals that the Greater China region accounted for approximately 19 percent of IP attacks in the month, the highest observed from the Asia Pacific region, as compared to the previous months.

Free Web-hosting services has been the easiest form of phishing in terms of cost and technical skill required to develop fake sites, says Symantec, with a total of 143 different Web hosting services serving as the home for 2,814 phishing sites in the month of June.
Symantec also observed that there was a significant increase in the number of free Web-hosting services utilised for developing phishing sites, after analysing more than 77 brands based upon the geo-location of their Web hosts as well as the number of unique URL’s utilised to lure victims to the phishing Web hosts.
In June, Symantec also found that phishing attacks in Italian, French and Chinese languages were higher, with French language attacks returning to the top position after a gap of a couple of months. The security firm also says it observed that phishing Web sites in Italian and French language remained higher for some popular financial brands. Italian and French language phishing sites, it says, were mainly from the financial sector, while Chinese language phishing sites were from the e-commerce sector.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]




Recent Comments