Australians warned to be on high alert for a rush of scams as we enter tax season

Australians are being warned to be on the lookout for even more scams as we enter tax season – a prime period for cyber criminals to target unwary individuals and businesses.

AUSCERT, Australia’s first computer emergency response team, says it has seen an increase in phishing scams that impersonate MyGov and the Australian Tax Office (ATO).

Between July and October 2022, AUSCERT received reports of more than 1100 tax-related phishing emails and scams.

In 2023, this figure exceeded 2,500 and there’s every indication it will be even higher in 2024.
Scams are circulated in several ways – phishing emails, phone calls, text messages and fake websites – and take advantage of the fact there is increased level of financial activity.

At the Australian Cyber Security Showcase in Canberra last week, MyGov reported it was the most impersonated site in Australia – its team took down 4000 fake sites in the past 12 months.

“Phishing emails often impersonate official entities and contain convincing logos and language to deceive recipients and urge users to click on a link, scan a QR code or download an attachment,” says Dr Ivano Bongiovanni, the General Manager of AUSCERT.
“The emails also claim that urgent action is required to avoid account suspension and attempt to trick users about a pending tax refund, highlight issues with a tax return or demand immediate action to avoid penalties.

“But clicking on these links can potentially lead to malicious websites that could steal Personally Identifiable Information (PII) or sensitive data like user credentials or credit card details.

“Additionally, clicking on the links may install malware on the user’s device, creating a backdoor for cybercriminals to monitor activities, track user behaviour, and steal login information.”

To protect yourself from ATO and MyGov scams, AUSCERT has come up with some tips:

– Verify the source: Do not respond to unsolicited emails, text messages, or phone calls claiming to be from the ATO, MyGov or any government agency. If it is an email, double-check the email address and sender information to confirm authenticity. Remember, the ATO or MyGov will never ask for sensitive information via email or SMS. Before providing any personal information verify the legitimacy of the request by phoning the ATO or tax professionals first to confirm.

 – Be wary of suspicious calls: If you receive a suspicious call from someone claiming to be from the ATO and demanding payment to receive a tax refund it is advisable to end the call immediately. Keep in mind that the ATO will not threaten you with immediate arrest or use abusive language ever.

 – Exercise caution with links and attachments: Avoid clicking on links or downloading attachments from unsolicited emails or text messages.

 – Be cautious of urgent requests: Be wary of emails, text messages and phone calls pressuring you to act quickly or provide personal information. Take the time to verify the legitimacy of the communication.

 – Protect personal information: Avoid sharing personal or financial details in response to emails, phone calls or text messages. Always be careful when providing information online.

– Report suspicious activity: If you receive a suspicious email claiming to be from the ATO or MyGov, report it to the appropriate authorities, such as the ATO’s scam reporting email address, the Australian Cyber Security Centre, or IDCARE.

– Keep software up to date: Ensure that your devices have the latest security updates and antivirus software to protect against malware and phishing attempts.

 – Use passphrases and MFA on online accounts: Rather than simple passwords, use more complex passphrases using a longer series of letters, different cases, numbers and characters. Organisations should use Multifactor Authentication (MFA) wherever possible on all online services and individuals are encouraged to make use of this increased level of protection.

“By staying informed and vigilant and following best practices for online security, individuals can reduce the risk of falling victim to ATO and MyGov related phishing scams during tax season,” says Dr Bongiovanni.

If you think you identity has been stolen or have become the victim of a tax related scam, contact IDCARE on 1800 595 160.