By Jacqueline Jayne
Cybercriminals (scammers) have honed their craft to create extremely sophisticated phishing (malicious) emails, smishing texts (SMS phishing), and vishing (voice phishing) that look and sound like the real thing.
Each year we see the same scams and millions of dollars stolen from hard-working Australians.
Tax time is one of the busiest periods for scammers, who will often impersonate government agencies to seek financial benefit, or to gather personally identifiable information, including tax file numbers.
Before we begin, it is probably a good idea to inform you that cybercriminals refer to their playbook at this time of year and update the scams from previous years. If you don’t have time to read about all the scams (there are a lot to include this year), follow these tips to avoid all ATO scams.
For ALL INCOMING COMMUNICATION FROM the ATO
- If you receive an email, SMS, or phone call that says it is from the ATO, STOP and take a breath.
- If it includes a link – IT IS A SCAM. Do not engage and report it.
- If it includes an attachment (usually in an email) – IT IS A SCAM. Do not engage and report it.
- The real ATO will never send you any links to click on.
- If the real ATO does contact you, they will only ever ask you to contact them directly via their official sites, such as this or this, to log into your account.
- Call the ATO on 1800 008 540 if you are unsure or want to clarify something.
Top scams to be aware of this financial year and how to avoid them.
NEW FOR 2023
SCAM: ATO social media impersonation accounts scam
Released in January 2023, this new scam is popular on social media (Facebook, Twitter, Instagram, TikTok, etc). These scams are impersonating both the ATO itself and ATO employees. The intent is to get you to interact with the pages, send messages, and ask questions with the end goal of tricking you into sharing personal information such as email addresses, phone numbers, and bank account details.
The ATO does have an official presence on Facebook, Twitter, and LinkedIn, all of which hold the blue tick of authentication. You can see in the two screenshots below that there is no blue tick for authentication, and the follower counts are very low. The real ATO will never request such information on social media.
SCAM: Tax Refund SMS Scams
This scam increased in popularity in 2022 and is a continued concern for 2023. This is a smishing scam (malicious/fake SMS) designed to get you to click on the link. You are then taken to a fake website (that looks real) with a form for you to complete so you can get your money. Once again, scammers are looking for your personal information. The real ATO will never send an SMS with a link on it.
SCAM: Tax Lodgement email scam
You guessed it, this email scam shares fake information about your tax return lodgment date with a fake receipt number. Then the message is very manipulative as it tells you not to call them. Instead, the email suggests that it is better for you to check the attachment and ensure that all your information is correct.
If you do happen to click on the attachment, you will be taken to another screen that looks like an official Microsoft Sign-in (IT IS FAKE).
The intent of this scam is to collect your login details and password. Access to your Microsoft account could let cybercriminals reach your personal device, giving them access to everything you have. Plus, if you happen to reuse your passwords, there is a high chance that cybercriminals will use these details to attempt to access other applications. The real ATO will never send you an email with a link in it or an attachment to open.
SCAM: Fake TFN/ABN applications
These scams are advertised to unsuspecting people via social platforms such as Facebook, Twitter, and Instagram, stating that you can get some help obtaining a TFN or ABN for a fee. If you engage with the advertisements, you are taken to fraudulent websites where you will be requested to confirm or enter personal information that can be used for nefarious activities.
Please note: Applying for a Tax File Number (TFN) or Australian Business Number (ABN) is free, and you can do that at one of the safe links here and here. And, if you are going through a tax agent to get your TFN or ABN, check that they are registered here, and remember that they may charge a fee for their services to apply on your behalf. The real ATO will never advertise on social media.
SCAM: Tax evasion suspected; pay with cryptocurrency
Scammers are opportunistic, so it makes sense that there would be a scam involving tax and cryptocurrency. Here we see smishing (malicious SMS) pretending to be from the ATO with a message stating that you are a suspect in cryptocurrency tax evasion and then you are directed to click on a link to access your wallet to sort it out. Please do not click on the link. The real ATO will never send an SMS with a link on it.
SCAM: Fake tax debt
Pretending to be from the ATO, this contact can come from a phone call or SMS where you are informed that you have a tax debt and that if you don’t pay it straight away, you will be arrested. The scammers will demand payment via pre-paid gift cards or credit cards, or even cryptocurrency (e.g., Bitcoin) and will be very persistent in pressing you to pay them. If you receive this call, hang up. The real ATO will never call you with a demand for payment, threaten arrest or use prerecorded messages such as this.
SCAM: Asking you to update your myGov Details
The ATO has previously received reports of email and SMS scams that ask people to update their myGov or myGovID details, and we anticipate seeing this scam again this year. Scammers pretend to be from the ‘myGov customer care team’ and send emails telling people they must verify their identity by clicking a link. If you open the link, you will be taken to a fake myGov website where you are asked to sign in with your myGov details. The real ATO and myGov will never send an email or an SMS with a link in it.
SCAM: Sending alerts claiming that you have a suspended Tax File Number (TFN)
For the last few years at tax time, the ATO has received reports of calls where you hear an automated voice message claiming that your TFN (tax file number) has been suspended and that there is a legal case against your name. Then you are asked to press ‘1’ or be referred to the court and arrested. This is a scam. If you do press ‘1’ you will be put through to a scammer who will tell you that your TFN has been suspended due to money laundering or fraudulent activity. Then, just to leverage the fear factor, you are asked to provide the last four digits of your TFN, address, date of birth, name of your bank account, and the approximate amount of money in the account(s).
If you are lucky, the scammer may transfer you to the fake police. They will tell you that a case has indeed been filed against you and you will be arrested if you don’t pay. If you receive this call, hang up. The ATO will never send unsolicited pre-recorded messages to your phone or threaten you with immediate arrest.
Is that all?
Sadly no, there are more tax time and ATO-related scams to be found here. If (or should I say WHEN) you receive an ATO or myGov-related scam, take a screenshot and send it to ReportScams@ato.gov.au. Remember that scammers, also known as cybercriminals, will refer to their playbook throughout the year and re-use or update scams, especially if they were successful (most of them are). The challenge for you is to be aware of them all and remain vigilant.
Advice for Business Owners
- Communicate to your people, outlining precisely what to expect from your HR or Payroll Department at tax time.
- Provide precise details as to what they will receive and warn them that there is a very high chance cybercriminals will be targeting them at tax time.
- Step your people through relevant, engaging, and ongoing security awareness training and allow them to test their knowledge with simulated phishing and other social engineering tests.
- Share the tips below with your employees, customers, vendors, and suppliers, as cybersecurity is everyone’s responsibility.
Advice for Employees (and everyone else)
- Ask your HR Department or Payroll when and how you will receive your Group Certificate.
- Only deal with the ATO or myGov via official channels here or here.
- The real ATO will never send links in emails or SMS.
- The real ATO will never request personal details like bank account details via email, SMS, or voice mail.
- The real ATO will never ask you to pay for anything with gift cards, credit cards, or cryptocurrency (like Bitcoin).
Advice for Tax Professionals
Cybercriminals are actively looking to gain unlawful access to your client data as it is of great value to them. Take a moment to consider all the personal and sometimes business information you hold for each of your clients and the potential repercussions if you suffered a data breach. They will even pose as a client sending you an email with a malicious attachment in the hope that you open it and grant them access to your system. Once inside, they can access your entire inbox and your clients’ data. You need to be on the lookout for all suspicious emails and be vigilant at tax time. Feel free to share these hints and tips far and wide with everyone in your world who will be required to lodge a tax return.
Report any suspicious activity to the ATO
Call 1800 008 540
Forward the scam email to ReportScams@ato.gov.au
Take a screenshot and email it to ReportScams@ato.gov.au
All the links
To verify or report a scam go here.
To apply for a Tax File Number (TFN) go here.
For information about Australian Business Numbers (ABNs), go here.
To confirm your tax agent is registered, go here.
To access myGov, go here.
For the Australian Tax Office (ATO) website, go here.
About the author: Jacqueline Jayne is the Security Awareness Advocate at KnowBe4. This is an opinion column. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of this publication.