Recently, there has been a spate of emails claiming to be from the Australian Taxation Office containing a link to Malware designed to infect and compromise systems.


This type of Malware is typically designed to work in the background, taking control of your system and stealing sensitive and important data.


If you are currently using Office365, or an on-site mail solution that is protected by Trend Micro, these emails should automatically be sent to your Junk Mail folder or quarantined at the server. Other solutions may quarantine or delete this email, but we have not tested this Malware against them.

Currently, the Malware email is using DocuSign to distribute its Malware; an example of the email can be seen below:


[Image: DocuSign Malware]

As with most Malware attacks though, the attackers will most likely evolve this email over time, and the next round of emails may not contain a DocuSign document to download, but instead something different.


Because of the nature of email scanning software, which mainly uses a combination of virus definitions and heuristic scanning, some of these Malware emails may have made it through to your inbox, and as the emails evolve, more may make it through as well.


So what’s the best way to deal with emails like these?  Firstly, ask yourself a few questions:

  • Does the ATO regularly send you emails?
  • Are you expecting an email from the ATO?
  • Does the context of the email make sense? (in this example, the document name is “To All Employees 2013.doc”, which doesn’t make sense in the context of an email from the ATO)


If you answered no to 2 or more of the questions above, the email is most likely designed to deliver Malware, and you should delete it immediately.  If you answered yes to 1 of the questions above, call the ATO and ask if they sent the email to you.


Finally, if you received an email like this and clicked on a link inside of it, call us on 1300 246 266, or email

