{"id":1479,"date":"2019-04-06T19:33:39","date_gmt":"2019-04-06T19:33:39","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=1479"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Fake-ATO-\"Online-Activity-Statement\";-Email-Links-to-Malware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=1479","title":{"rendered":"Fake ATO &#8220;Online Activity Statement&#8221;; Email Links to Malware"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\nEmail purporting to be from the Australian Taxation Office (ATO) claims that you can click a link to download your next online activity statement.<\/p>\n<p><span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe email is not from the ATO and it is not a legitimate \u00a0activity statement notification. Clicking the link downloads \u00a0a .zip file that harbours a malicious \u00a0JavaScript file. If you open this JavaScript file, malware can be downloaded and installed on your computer.<br \/>\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"4870821038\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3086\" data-permalink=\"https:\/\/www.hoax-slayer.net\/fake-ato-online-activity-statement-email-links-to-malware\/online-activity-statement-ato-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1.jpg\" data-orig-size=\"800,722\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"online-activity-statement-ato-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1-300x271.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1.jpg\" class=\"aligncenter size-full wp-image-3086\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1.jpg\" alt=\"ATO Online Activity Statement Malware Email\" width=\"800\" height=\"722\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1-300x271.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1-768x693.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-1-222x200.jpg 222w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/div>\n<div class=\"example\"><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3088\" data-permalink=\"https:\/\/www.hoax-slayer.net\/fake-ato-online-activity-statement-email-links-to-malware\/online-activity-statement-ato-malware-3\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3.jpg\" data-orig-size=\"800,640\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"online-activity-statement-ato-malware-3\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3-300x240.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3.jpg\" class=\"aligncenter wp-image-3088\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3.jpg\" alt=\"Fake ATO Online Activity Statement Notification\" width=\"739\" height=\"591\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3-300x240.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3-768x614.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3-250x200.jpg 250w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/online-activity-statement-ato-malware-3-100x80.jpg 100w\" sizes=\"(max-width: 739px) 100vw, 739px\" \/><\/a><\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"5727909035\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><br \/>\n<span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nAccording to this email, which claims to be an activity statement notification from the Australian \u00a0Taxation Office, your next online activity statement is now available. It invites you to click a link to download your statement. The rest of the email contains generic information about lodging your \u00a0BAS, lodgement due dates, and where to get further information.<\/p>\n<p>However, the email is not from the ATO and it is not a genuine activity statement notification. Clicking the download link does not retrieve \u00a0an activity statement as you might expect.  \u00a0Instead, it downloads a .zip file that contains a JavaScript (.js) file. If you click \u00a0this file, a malicious JavaScript may then download \u00a0and install malware on your computer.<\/p>\n<p>The exact nature of the malware payload may vary. The JavaScript technique  \u00a0is often used to infect computers with ransomware, which, once installed, can encrypt all of the files on your computer and then demand that you pay  \u00a0a fee to online criminals \u00a0to get a decryption key. Or, the JavaScript may download and install malware that can steal information such as online banking usernames and passwords.<\/p>\n<p>Criminals \u00a0have used <a title=\"ATO ' Tax Agent Report' Malware Email\" href=\"http:\/\/www.hoax-slayer.com\/ato-delayed-tax-returns-malware.shtml\">similar ruses<\/a> in the past to <a title=\"ATO \u00e2\u20ac\u0153Right To Obtain A Refund\" Malware Emails\" href=\"http:\/\/hoax-slayer.net\/ato-right-to-obtain-a-refund-malware-emails\/\">try to trick people<\/a> into installing malware.<\/p>\n<p>If you receive \u00a0one of these emails, do not click any links or open any attachments \u00a0that it contains.<\/p>\n<div align=\"center\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p class=\"date\">Last updated: November 8, 2016<br \/>\nFirst published: November 8, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"ATO ' Tax Agent Report' Malware Email\" href=\"http:\/\/www.hoax-slayer.com\/ato-delayed-tax-returns-malware.shtml\">ATO &#8216; Tax Agent Report&#8217; Malware Email<\/a><br \/>\n<a title=\"ATO \u00e2\u20ac\u0153Right To Obtain A Refund\" Malware Emails\" href=\"http:\/\/hoax-slayer.net\/ato-right-to-obtain-a-refund-malware-emails\/\">ATO \u00e2\u20ac\u0153Right To Obtain A Refund&#8221; Malware Emails<\/a><br \/>\n<a title=\"ATO - Think before you click\" href=\"https:\/\/www.ato.gov.au\/newsroom\/smallbusiness\/general\/think-before-you-click\/\">ATO &#8211; Think before you click<\/a><\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Primary Matched Content --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"2703041438\" data-ad-format=\"autorelaxed\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/fake-ato-online-activity-statement-email-links-to-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/fake-ato-online-activity-statement-email-links-to-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: Email purporting to be from the Australian Taxation Office (ATO) claims that you can click a link to download your next online activity statement. Brief Analysis: The email is not from the ATO and it is not a legitimate \u00a0activity statement notification. Clicking the link downloads \u00a0a .zip file that harbours a malicious \u00a0JavaScript [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1479","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1479"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1479"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1479\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}