Don't click on links in the ATO email with your BAS - it's a scam packed with ransomware

Source: Orion Pictures

The Australian government Stay Smart Online is warning people to be wary of a widely distributed email which claims to be from Australian Taxation Office (ATO), but actually a scam that infects computers with malware to lock files.

The email offers a supposed link to an organisation’s Business Activity Statements (BAS), claiming the statement can be downloaded, but the ATO says it does not provide BAS by email.

Instead, clicking on the link automatically downloads malware. The file is either ransomware, which hackers use to demand money in return for unlocking your files, or keylogger software to record keystrokes for passwords and other login details.

The sophisticated scam also includes ATO logos and has the email address “Basnotification[at]ato[dot]gov[dot]au”.

Stay Smart Online says you should report receiving the email to the Australian Competition and Consumer Commission’s SCAMWatch website.

They recommend against paying any ransom demanded to decrypt files.

“There is also no guarantee the attackers will provide a working decryption tool, and victims are not protected against future attacks,” the organisation said.

If in doubt about the legitimacy of an email, contact the organisation, department or individual involved separately.

The ATO says anyone who believe they’ve been the victim of the scam should call 1800 060 062 for help.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.