The related fake electronic mails, reportedly, take recipients onto one website that copies the ATO (Australian Tax Office) web-page for tax refund and instructs them to click the logo that represents the bank where they have their accounts.

But on doing so, users are diverted onto bogus login web-pages pertaining to those banks thereby suggesting that the phishers are aiming to capture Internet banking credentials.

Remarking about the above scam, security researchers at Websense stated that just like previous phishing kits, the current attack used PHP codes for restoring, parsing as well as transmitting information about the deceptively hijacked accounts. The toolkits used earlier were employed on a number of other hijacked Internet sites as well for making possible the associated assaults' failover, considering that since phishing websites had a limited lifetime, people getting victimized with them were most during the assault's starting 24 hours. Moreover, the current phishing kit's efficacy surpassed Rock Phish, the kit which Websense tracked during earlier years. Apparently, while Rock Phish tended to attack voluminously, the current kit was well-designed that connected with many financial institutions within the same place, the researchers analyzed. Websense.com published this on January 25, 2011.

Worryingly, utilizing such DIY (do-it-yourself) malware toolkits as the kits in discussion are called has increased during the recent years, remark the security researchers. As a result, their prices have declined from the earlier rates ranging between $400 and $700 to the current more low rates, therefore, the total count of phishing assaults is as well increasing. Both novice and experienced cyber-criminals are found utilizing such toolkits for executing more and more phishing scams, observe the researchers.

Eventually, for steering clear off a phishing scam, users are recommended that they should maintain caution prior to clicking on web-links. Additionally, they should deploy anti-phishing software that is regularly kept up to date for preventing any possible entry of phishing e-mails into their mailboxes, suggest the security experts.