AUSCERT warns companies and individuals alike to be aware of tax scams

Tax time rolls around every year with the inevitability of death, but while tax and death have long been considered to go oddly hand in hand, the modern, connected world has thrown a third spanner into the mix.

Scams.

As Australians all over the country turn to their accountants and yearly finances, so do scammers, who relentlessly conjure new ways to bilk victims out of either their personal data or their hard-earned cash.

AUSCERT – the Australian Cyber Emergency Response Team – has released some alarming figures to illustrate the growing number of scams targeting Australians during tax time. In the 2022 tax season, AUSCERT received reports of more than 1,100 tax-related scams, but in 2023, that number jumped to 2,300.

Now, as the 2024 season looms ahead of us, AUSCERT is expecting that figure to jump yet again.

To give you another set of troubling numbers, MyGov recently admitted that it was the most impersonated site in Australia and that in the last 12 months alone, it has taken down more than 4,000 fake MyGov sites.

Dr Ivano Bongiovanni, the recently appointed general manager of AUSCERT, goes into more detail.

“Phishing emails often impersonate official entities and contain convincing logos and language to deceive recipients and urge users to click on a link, scan a QR code or download an attachment,” Bongiovanni said.

VIEW ALL

“The emails also claim that urgent action is required to avoid account suspension and attempt to trick users about a pending tax refund, highlight issues with a tax return, or demand immediate action to avoid penalties. But clicking on these links can potentially lead to malicious websites that could steal personally identifiable information (PII) or sensitive data like user credentials or credit card details. Additionally, clicking on the links may install malware on the user’s device, creating a backdoor for cyber criminals to monitor activities, track user behaviour, and steal login information.”

With scams proliferating faster than ever, AUSCERT has the following tips to stay safe.

Verify the source

Always double-check where emails and text messages are coming from. Study the email address or any included link in a message and make sure it’s authentic before clicking on anything. The Australian Taxation Office (ATO), many banks, and MyGov never ask for personal information via text or email, so if a communication is asking for your PII, think twice.

If in doubt, call up the entity in question and confirm that the message actually comes from them.

Be wary of suspicious callers

If a call sounds suspicious, simply hang up. Be aware that if a phone call is threatening you with some form of legal action, it is most definitely a scam – the ATO does not threaten people with arrest, for instance.

Watch out for suspicious links and attachments

Most scam-related links look like the real thing, but close examination often reveals misspellings or not-quite-right address details. Do not click on anything that doesn’t look right, especially any email attachments.

Beware ‘urgent’ requests

We all know the ATO moves slowly, so be aware of any message that tries to place you under time pressure. Verify everything carefully before responding.

Protect your personal information

Your personal information can be a gold mine for scammers and could lead to further scam activity targeted at you specifically.

Avoid sharing your personal details in response to any unsolicited messages.

See a scam, report a scam

Sharing scam intelligence is an important part of fighting scammers, as the relevant authorities need to know as new scams begin to circulate, so always let the impersonated organisation know what’s happening. The ATO has a specific spam reporting email address, for instance – make use of it!

If you believe your identity has been compromised or have fallen victim to a tax-related scam, contact IDCARE on 1800 595 160.

Keep your software up to date

Many scams and other internet nasties rely on poorly updated software since they generally will not be secure against the latest malware strains or scam tactics.

Update often to keep yourself safe.

Use passphrases and multifactor authentication

Passphrases that use a longer string of letters, cases, and numbers are more secure than passwords, and setting up multifactor authentication means that if anyone else tries to access an account of yours, you’ll be warned by getting an authentication message for a login attempt you have not made.

Turn on MFA wherever it is available.

“By staying informed and vigilant and following best practices for online security, individuals can reduce the risk of falling victim to ATO and MyGov-related phishing scams during tax season,” Bongiovanni said.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.