Deakin University’s bizarre fake tax scam email slammed by ATO
Deakin University’s bold plan to catch out oblivious staff members with a cunning email has backfired on them and earned the wrath of the ATO — this is why.
Education
Don't miss out on the headlines from Education. Followed categories will be added to My News.
Deakin University techies behind an email purporting to be from the ATO, to test if staff were cyber alert, have earned the wrath of the tax man.
The Australian Taxation Office says it’s unhappy to have its branding, which can often strike fear into the hearts of anyone receiving correspondence, either authentic or bogus, used in simulation scams.
“We wouldn’t want to endorse circulating more fake ATO emails albeit that these wouldn’t contain anything malicious,” an ATO spokesman said.
The email on September 18, understood to include the Australian Taxation Office logo, is thought to have gone to hundreds of staffers at the campus.
It said that the “period for the tax refund submission has passed, and we are notifying you in the first instance of your failure to submit”.
A partial screenshot seen by the Herald Sun gave recipients seven days to submit a completed return, suggesting they follow a link “which will walk you through the process”.
It threatened a $5000 fine for failure to comply.
Some staff did not think twice about the email, treating it correctly, but others were upset about it, saying it was a misuse of the ATO logo by the university.
One staffer questioned if the ATO had been notified and had approved of the use of the ATO in the bogus email.
“We are aware that organisations conduct scam simulations as part of cyber security awareness activities,” the ATO spokesman said.
“The ATO is generally not supportive of other companies using our brand in scam Sims.
“The main security risk applies if the emails are able to be sent outside of their organisation. This is due to the vast amount of ATO impersonation scam emails reported to us from the community.”
The Deakin staffer said that people who were behind in their returns may have panicked.
The email is part of an ongoing program to test staff on their ability to identify scam emails.
STRING OF VIOLENT ROBBERIES NEAR UNIS
THE CAREER WOMEN ARE NOW GRAVITATING TO
“This is not the first test of this kind, but the first I am aware of in which the test email was designed to look like it was from the Australian Taxation Office, with the ATO logo included,” a staffer said.
“Those who clicked the phish alert button at the top of the email got an immediate notification congratulating them on identifying the scam email sent by Deakin eSolutions.”
Deakin, with campuses in Geelong, Warrnambool and Burwood, has around 4500 staff, based on its 2017 annual report.
It is unclear how many staff members received the bogus email.
Deakin University chief digital officer William Confalonieri stood by the cyber exercise, saying it was carefully designed to ensure staff were aware of and know how to spot sophisticated phishing emails.
“Globally we know that 93 per cent of all cyberbreaches are against people and 96 per cent of these are made using email,” he said.
“The exercise posed no risk to security and was coupled with education and practical online tips to help staff avoid falling victim to cybercrimes.
“Exercises such as this are part of a rigorous and continuing program at Deakin to improve staff awareness of dangerous online scams.”