Online Scams

Email phishing scam claiming to be from the Australian Taxation Office

Norton LifeLock is aware of an email phishing scam claiming to be from the Australian Taxation Office (ATO) and featuring a Norton logo. The scam aims to collect MyGov usernames and passwords from Australian victims for cybercriminals to use for identity theft and fraud.

If you receive a suspicious email claiming to be from the ATO and featuring a Norton logo, please do not click any links, open attachments or respond to the sender. Forward the entire email to the Australian Taxation Office via ReportEmailFraud@ato.gov.au without changing or adding any additional information and delete from your inbox and sent folder.

An overview of the scam is below. Please do not follow these steps:

1) Australians will receive an email from a fake email address. Signs of this email include:

a. The email Address: ‘Shipment in Transit” NOT the ATO address.
b. Email subject heading: “ATO DOCUMENT ATTACHED”
c. Sender signature: Alphas Tax Agents
d. Receiver details: Your name will not feature in the email

2) The email will claim the ATO is trying to contact you in regard to an undisclosed matter

3) The email will direct you to download and review a PDF attachment. The attached PDF file includes ATO branding and a Norton logo

4) The PDF will ask you to click a link which will redirect you to a page with the ATO logo tiled as a background

5) The scam will then ask you to login into the page using your myGov details

How to identify a scam email:

  1. Be cautious of emails, SMS’s and phone calls claiming to be from the Australian Taxation Office (ATO). The ATO may use letters, email, phone calls, or SMS to contact you for a number of reasons, including to remind you of a payment that is due. The ATO will never ask you for your Tax File Number or bank details via email or SMS; they will never contact you using social media sites like Facebook or Twitter to ask for your personal information; nor send you an email from an unofficial email address or provide your personal information to anyone without your consent. The ATO may phone you but will not threaten taxpayers with imprisonment nor ask for the tax debt to be loaded onto a prepaid card.
  2. If you’re not sure about the validity of any communication from the ATO, call them directly. If you receive a phone call from someone claiming to be from the ATO, take down their information and call the ATO’s office to validate their identity and their request. You can also report suspected scam email by forwarding them to ReportEmailFraud@ato.gov.au
  3. Look for misleading signals in an email and never open attachments if you are unsure. Key tell-tale signs that an email may be illegitimate include: incorrect logos within the email; the communication does not address you as the recipient by name; it is not sent from a legitimate @ato.gov.au sender; is unexpected; the message contains poor grammar; and/or, the email asks you to click a link that appears to lead to a government website but when hovering over the link it does not lead to an ato.gov.au address.
  4. Be sure your computer is fully patched and up-to-date. Apply all patches for your operating system and any third-party applications. This will help ensure that your computer isn’t at risk of being exploited in a malicious spam campaign that uses known software vulnerabilities.
  5. Know the status of your tax affairs and your accounts. If you know you don’t have debt with the tax office, then an email or phone call that states otherwise cannot be real. Monitor your credit cards for unauthorised charges, as well as your credit report for new accounts that you didn’t open. Fraudulent activity may indicate that you’re at higher risk of further fraud, including stolen tax refunds.
  6. If you’re filing your taxes online, use a secure Wi-Fi connection or a VPN. Many consumers use an e-filing service to file their taxes. If that’s you, one of the best ways you can protect yourself is to make sure your internet connection is secure and not a publicly available network. If you are not sure about the security of your internet connection, use a VPN. It’s an easy way to protect your data as it’s transmitted – almost like a secret code that only you and your VPN share.
  7. Invest or renew your security subscription. Use Tax Time as an annual reminder to ensure your online security software and processes are up to date. Ask your tax agent or accountant whether you can claim your security subscription as a tax deduction.


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.