[LINK] Fwd: RFC: ATO's model for comms to consumers re super rollover requests

Roger Clarke Roger.Clarke at xamax.com.au
Wed Feb 28 18:00:35 AEDT 2024


And 2-1/2 hours later a second email arrived, identical except for a 
different serial-number in the Reply-To field.  (They don't include it 
in the Subject, presumably because it's not yet an Incident Report).

I haven't yet divined why they would generate 2.

I guess I'll put it down to them piloting AI ...


-------- Forwarded Message --------
Subject: RFC: ATO's model for comms to consumers re super rollover requests
Date: Wed, 28 Feb 2024 14:52:18 +1100
From: Roger Clarke <Roger.Clarke at xamax.com.au>
To: link <link at anu.edu.au>

I received an email notification 'purportedly' from ATO.

It contains a bunch of links.  In email-clients, you see hotlinks, and 
hovering should display the URL.  All do appear to be actually 
@ato.gov.au.  (And the ASCII copy below shows them in clear).

But of course they could equally show @ato.tx or somesuch, and *some* 
proportion of people wouldn't pick up the risk factor.

It says 'my super fund' has requested info from ATO about a target SMSF, 
to check whether a rollover is okay to proceed with.

That's my own SMSF, and I asked UniSuper (months ago!?) to transfer the 
$63 that QUT deposited into UniSuper after I did a PhD examination for 
them.  (Getting Unis to pay into examiners' companies is hard going).

So, all in all, I'm satisfied the email isn't a scam.

But *my question to the Link Brains Trust is*:  Is the approach adopted 
by ATO in this approach a reasonable one in the context of rampant 
phishing and a public whose Internet security literacy remains very low?


-------- Forwarded Message --------
Subject: 	Superannuation rollover request
Date: 	Wed, 28 Feb 2024 14:21:20 +1100 (AUS Eastern Daylight Time)
From: 	Australian Taxation Office <noreply at ato.gov.au>
Reply-To: 	DCS_VERP_7146593653656 at dcs.ato.gov.au
To: 	ROGER.CLARKE at XAMAX.COM.AU

Please don’t reply to this email.

We use hyperlinks to give you more information. If you don’t want to 
click hyperlinks,
you can search for the information on the *ATO website*.
ATO Logo

   Superannuation rollover request

Hello ROGER

Your superannuation fund has requested verification of your self-managed 
super fund (SMSF), THE TRUSTEE FOR CONEGLIANO SUPERANNUATION FUND with 
the intent to rollover money.

If you requested this rollover, you don't need to do anything.

If you didn't, or if you want more information, please contact your 
super fund.

You can get more information from our website:
	Visit our website <https://www.ato.gov.au/Super/Self-managed-super-funds/>	

     Don't get scammed

The ATO never asks for your confidential details by email.
To learn more about staying safe online, go to 
*ato.gov.au/onlinesecurity* <https://ato.gov.au/onlinesecurity>

     Look suspicious?

Don't take chances, forward suspicious emails to
*ReportScams at ato.gov.au* <mailto:ReportScams at ato.gov.au>

     Your privacy

To learn more about how we maintain your privacy,
go to *ato.gov.au/privacy* <https://ato.gov.au/privacy>

     Our commitments to you

For information about our commitments to you and what we ask of you,
go to *ato.gov.au/atocharter* 
<https://www.ato.gov.au/about-ato/commitments-and-reporting/ato-charter/>
Facebook <https://www.facebook.com/atogovau>
Youtube <https://www.youtube.com/user/AusTaxOffice>
Twitter <https://twitter.com/ato_gov_au>
LinkedIn <https://www.linkedin.com/company/australian-taxation-office>
RSS Feed <https://www.ato.gov.au/RSS-news-feeds.aspx>
Community <https://community.ato.gov.au>

*Australian Taxation Office* © Commonwealth of Australia

75161.501481.04-2019


-- 
Roger Clarke                            mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA 

Visiting Professorial Fellow                          UNSW Law & Justice
Visiting Professor in Computer Science    Australian National University
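
The manual check described in the post (hover over each link and compare its target with the sender's domain) can be done mechanically on the plain-text copy. The following is an added example, not part of the original post or of any ATO tooling; the function names and the two constructed sample lines are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "ato.gov.au"  # domain the email on this page claims to come from

# "label <https://...>" as it appears in a plain-text rendering of an HTML email
LINK_RE = re.compile(r"([^\s<>]*)\s*<(https?://[^\s<>]+)>")
# Display text that itself looks like a web address, e.g. ato.gov.au/privacy
DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+(/.*)?$", re.I)

def in_domain(host, domain):
    # Match on a dot boundary so "notato.gov.au" is not accepted as ato.gov.au
    return host == domain or host.endswith("." + domain)

def audit_links(text, trusted=TRUSTED):
    """Return (label, host, verdict) for every link found in text."""
    findings = []
    for label, url in LINK_RE.findall(text):
        label = label.strip("*")
        host = (urlsplit(url).hostname or "").lower()
        shown = label.split("/")[0].lower() if DOMAIN_LIKE.match(label) else None
        if shown and not in_domain(host, shown):
            verdict = "label-mismatch"   # text names one site, target is another
        elif not in_domain(host, trusted):
            verdict = "off-domain"       # target is outside the sender's domain
        else:
            verdict = "ok"
        findings.append((label, host, verdict))
    return findings

# First three entries are copied from the email above; the last two are
# constructed for illustration, using the post's hypothetical "ato.tx".
SAMPLE = """\
Visit our website <https://www.ato.gov.au/Super/Self-managed-super-funds/>
go to *ato.gov.au/privacy* <https://ato.gov.au/privacy>
go to *ato.gov.au/atocharter*
<https://www.ato.gov.au/about-ato/commitments-and-reporting/ato-charter/>
Visit our website <https://www.ato.tx/Super/>
go to *ato.gov.au/privacy* <https://ato.tx/privacy>
"""

if __name__ == "__main__":
    for label, host, verdict in audit_links(SAMPLE):
        print(f"{verdict:15} {host:20} shown as: {label}")
```
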

