As tax season approaches, Australians need to be vigilant about the increase in tax scams. Cybercriminals are becoming more sophisticated, and it’s crucial to recognize and avoid these fraudulent activities. An article written by Martin Kraemer for Accountants Daily highlights some key points on what you need to know to protect yourself.
1. myGov Email Impersonation Scams
Beware of phishing scams that mimic ATO emails and myGov sign-in pages. These scams aim to steal your myGov credentials and are often disguised as legitimate ATO communications. Scammers cleverly create fake ATO emails containing links that encourage people to click on a link directing them to fake myGov sign-in pages designed to steal their usernames and passwords. Over the past six months, a staggering 75% of all email scams reported to the ATO involved a fake myGov login link. Stay cautious and verify any communication claiming to be from the ATO.
Scammers are also exploiting other digital channels such as SMS messaging to get individuals to click on fake myGov sign-in pages designed to steal their usernames and passwords. Scammers use different phrases to trick people into opening these links. Some examples are:
• You are due to receive an ATO Direct refund
• You have a new message in your myGov inbox – click here to view
• You need to update your details to allow your Tax return to be processed
• We need to verify your incoming tax deposit
• ATO refund failed due to incorrect BSB/account number
• Your income statement is ready, click on the link to view
2. ATO Social Media Impersonation Scams
Scammers also target social media users by creating fake ATO accounts. These scams impersonate both the ATO itself and ATO employees. The intent is to get you to interact with the pages, send messages, and ask questions, ultimately tricking you into sharing personal information such as email addresses, phone numbers, and bank account details. Always look for the blue tick of authentication on official ATO accounts (Facebook, Twitter, and LinkedIn) and avoid engaging with suspicious accounts.
How to spot a fake:
• The ATO prioritises secure communication. It will never send email or social media links directing you to log in to myGov or other online services. Treat any such requests as scams.
• The ATO’s official accounts are on Facebook, Twitter and LinkedIn. However, it will never initiate contact through these channels. It also has no presence on Instagram, so any ATO message there is guaranteed to be a phish.
• Be wary of suspicious ATO accounts. Legitimate profiles typically boast tens of thousands of followers and have been active for years. Steer clear of any new or low-follower accounts claiming to be the ATO.
• The ATO won’t send you an SMS or email with a link to log on to online services. These should be accessed directly by typing ato.gov.au or my.gov.au into your browser.
• While the ATO may use SMS or email to ask you to contact it, it will never ask you to return personal information through these channels.
3. Multifactor Authentication Phishing
Be cautious of emails requesting an “MFA update” for your ATO account. Legitimate updates will never be communicated via email links or QR codes. The ATO prioritizes secure communication and will not send email or social media links directing you to log in to myGov or other online services. Access these services directly by typing ato.gov.au or my.gov.au into your browser.
How to spot a fake:
• The ATO will never ask you to update MFA via email, especially with a QR code, or a link to log in to online services. These codes typically lead to fake myGov login pages designed to steal your credentials.
• If you receive an email like this, do not scan the QR code, click on links, open attachments or download files. Forward the email to reportscams@ato.gov.au, and then delete it.
4. Tax Refund SMS Scams (Smishing)
Scammers exploit SMS messaging to trick individuals into clicking on links that lead to fake websites. Remember, the ATO will never send SMS with links for tax lodgments or refunds. If you receive suspicious SMS messages related to tax refunds, verify their authenticity through official channels.
Stay informed and cautious. If you encounter any suspicious communication claiming to be from the ATO, do not engage and report it immediately. For more detailed information on how to protect yourself from tax scams, visit the official ATO website.
Remember, your vigilance can prevent falling victim to these scams. Keep your personal information secure and verify any unexpected communication. Stay safe this tax season!
5. For all incoming communication from the ATO
1. If you receive an email, SMS, or phone call that says it is from the ATO, STOP and take a breath.
2. If it includes a link – IT IS A SCAM. Do not engage and report it.
3. If it includes an attachment (usually in an email) – IT IS A SCAM. Do not engage and report it.
Remember
1. The real ATO will never send you any links to click on.
2. If the real ATO does contact you, they will only ever ask you to contact them directly via their official sites, such as https://www.ato.gov.au or https://my.gov.au/, to log into your account.
3. Call the ATO if you are unsure or want to clarify something
Leave a Reply