I just had this email in from the ATO – Australian Tax Office – telling me I had a tax refund due.
YIPPEE! You got my attention now buddy.
I was a little surprised though, I’d received a letter from them a few weeks back confirming my accountant had got it right, I owed them money, bugger. Anyway, I figured they’d updated the tax review. You little beauty, new laptop on its way!
Erring on the cautious side I checked the email address it was sent from. Was it legit?
Australian Taxation Office <ua.vog.ota@dnufer>
Yup, that looks good… or is it?
Here’s a snap shot of that email!
The spammers and scammers are getting very clever. And spam and scam emails are on the increase.
So how do you definitively tell if it’s legit or not?
Well, the extension @ato.gov.au is legitimate, and that’s the first thing you should always check.
But NEVER click on that email address! It’s likely they’ll have tracking software on all the links in the email too. What that means is they can tell WHAT email address has clicked on what links. That gives them the opportunity to send a follow up email to try and con you.
Next up check who it was sent to! Yes, you received it but were you named in the email? Chances are no, it was a mass email blast and they don’t actually have your name as such, or perhaps even your address as such.
– Is it your actual email address that it’s been sent to?
– Is your name used in the actual email?
No to both of the above then be on alert. (See, I’m not named in the To: or in the message)
This is the key check! Hold your mouse over the links in the email But DON”T CLICK!
– What do they say?
– What is the web address that appears as pop up text?
This is the ‘tell’.
What does that tell us?
That the email address that it was sent from, although that appears legitimate doesn’t line up with this link. Plus the ATO sending an email from .host1free.com something – I don’t think so, a bit fishy.
Here’s the tricky bit.
Email links often have the email software web address in the link, mine do – http:www.smartemail.com.au/manager/extension because that is the program that sends the email out.
Here’s the definitive check –
– Right click on the link – Select – ‘Copy Hyperlink’ – Paste into a web browser window.
What do you see?
Most times it will be a web page being built, or coming soon, having maintenance or some way of trying to capture your personal or banking details.
DANGER – get out of there and report it to the mimicked sender. Which I did and now that link shows a ‘reported web forgery’ notification.
When I first did this with this particular web address I got a ‘website down for maintenance’ message. When I went to the primary site http://host1free.com it was offering free web hosting etc. which is probably all legitimate but the other was not.
By right clicking and pasting direct into a browser you are not enabling the tracking software so you’re safe in that regard too.
You can also check the signature for that legitimate ‘look’ but that ain’t definitive. Same as the message, does it ‘read’ right?
So here’s the ‘is it a scam’ checklist again:
1 – Check the email address extension that it’s been sent from (in this case – @ato.gov.au)
2 – Check who it was sent to! Was it you? (To:xxxxxxx)
3 – Right click an copy hyperlink into a web browser to check (Does it look legit?)
Have you been caught? I’ve been close a couple of times and this was certainly one of the cleverer ones.