Last week, the Australian Taxation Office (ATO) issued a warning about the rising volume of scams impersonating the organisation, urging taxpayers to stay vigilant when completing their tax returns. These "phishing" scams have become increasingly sophisticated and harder to spot, especially during a point in the year when many Australians are expecting updates regarding their tax returns.
To help you keep your personal and financial information safe, we have created a quick guide that covers how these scams work, what to look out for, and the best ways to protect yourself online.
How do phishing scams work?
Since the start of the new financial year, there has been a large number of reports about fake text and email alerts claiming to be from the ATO. Recipients are directed to log into their myGov account using a link embedded within the message, which leads them to a fake sign-in page designed to steal their username and password. According to The Australian Competition and Consumer Commission, a sharp increase in phishing scams like these cost Australians $3.1 billion in 2022 — an 80% increase from 2021, prompting the reminder for taxpayers to remain alert.
At this time of year, tax returns are front-of-mind for many Australians. Knowing this, scammers will often bait their target by using terms and phrases that some might expect to see in official communication from the ATO, such as, "You need to update your details to allow your tax return to be processed" or "Your refund has failed due to an incorrect BSB/Account number". Depending on how far along an individual is in their lodgement process and how much previous communication they have had with the ATO, these fake myGov messages can be extremely effective in luring unsuspecting taxpayers.
Image source: Australian Taxation Office. Examples of fake communication claiming to be from the ATO via email and SMS.
Reporting a scam
While the ATO does use texts and emails to communicate with taxpayers, they will never ask you to provide personal or financial information, make a transaction, or complete any action through these channels. If you need to access any online services to update your details or check the status of your tax return, you should always do so by typing ato.gov.au or my.gov.au directly into your browser rather than following any links embedded in a text or email. Going directly to any site that you are prompted to visit is a great way to avoid phishing scams altogether and limit potential cybersecurity breaches.
If you are unsure about a myGov message you have received or if would like to report any suspicious contact from sources claiming to be the ATO, you can do so by contacting the ATO directly by calling 1088 008 540 or emailing reportscams@ato.gov.au.
Improving your cybersecurity
In this year's Federal Budget announcement, the Treasurer introduced an initiative designed to help improve cybersecurity for small businesses as many looked to digitise their processes following the pandemic. Since late last month, the new Cyber Wardens scheme has helped simplify cybersecurity for small business owners and educate them on digital threats. Some of the preventative measures the initiative recommends include:
- Using Two-factor Authentication: Make accessing your accounts more difficult for cyber-criminals by requiring multiple forms of identification to sign in, such as having a code sent to your mobile in addition to your password.
- Avoid Clicking on Untrusted Sites: If you find yourself on an unfamiliar site, be careful not to click on any pop-ups or suspicious links. If you are unsure about a link, you can always right-click the link, select "copy link address", and paste it into a blank document to safely see exactly where you will be directed.
- Verifying Senders: If you receive an email claiming to be from the ATO, pay attention to the sender's email address rather than the name of the sender. If you do not recognise the address, a quick Google search will let you check it against all of the official domains used by the ATO.
- Check the URL: If a URL begins with "https://" rather than "http://", the site has been secured using a Secure Sockets Layer (SSL) protocol. This protocol encrypts communications between you and the server, preventing would-be hackers or identity thieves from 'eavesdropping' on your session and stealing your information.
- Don't Reveal Personal Data: You should never exchange sensitive data, such as login details or credit card details via text or email, regardless of whether you trust the contact or not. Always use encrypted file-sharing software or call the contact directly.
- Report Suspicious Contact: Reporting suspicious texts or emails helps others become aware of current cyber threats and allows them to implement preventative measures.
Lodging your returns
As you complete your tax returns this year, remember to employ these best practices to avoid this new round of phishing scams. Although they can be difficult to differentiate from official communications from the ATO, if you know what to look for and take preventative measures, you won't be an easy target for cyber-criminals.
If you need any assistance with lodging your tax return, our highly qualified team of tax specialists can manage the entire process. With proven methodologies and technical knowledge, we offer our clients expert taxation and accounting services and support. Contact the team at Azure Group today to schedule a consultation.
Have you noticed our #FridayExpertTips? Here's one that relates to #Technology.
"Your Intellectual Property (IP) is your most valuable asset. Identifying and protecting the IP you create is crucial to the long-term success and viability of your Startup venture.”
Comment