ATO struck by new phishing scam

Users need to exercise caution when receiving emails purporting to be from the Australian Tax Office.

With the end of the financial year closing in, opportunistic scammers are distributing phishing emails that purport to be from the ATO and offer online tax refunds.

The phishing email, titled "Tax Refund Online", attempts to lure unsuspecting users into sharing their credit card information in order to receive a faster tax refund.

The email reads:

"Dear [e-mail address]

After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of AUD $452

Please submit the tax refund and allow us 2-5 business days in order to process it.

To access the form for your tax refund, please go to:
[URL]

Australian Government
Australian Taxation Office"

The URL link reads as the familiar ato.gov.au address and redirects to a page that looks and feels like an ATO web page - complete with a functional version of the tax office's own toolbar and search engine at the top right of the page.

But the page is actually hosted at the aptom.net domain.

The user is first asked to enter some information about total taxable income and tax paid before being directed to a second page seeking credit card details.

"Please enter your Info and the Card where refunds will be made," the site reads. "You are advised to use a Mastercard card so we can process your refund faster and safer."

"For security reasons, we will record your IP-address and date. Deliberate [sic] wrong inputs are criminally pursued and indicted."

The phishing scam is one among many targeting Australian taxpayers.

Older examples, and advice on how not to get sprung, are listed here.

The ATO has been contacted by iTnews to comment on the latest threat.
