As your boss’ gatekeeper you’ll be no stranger to fielding off unwanted communication, from endless sales calls to more serious threats, like cyber security. And, based on the significant increase in phishing scams impersonating MyGov and the Australian Taxation Office (ATO) during previous tax seasons, AUSCERT says this is a prime period for cybercriminals to target unsuspecting targets through phishing scams via email, phone calls, text messages and fake websites.
From July to October 2022, AUSCERT reported more than 1,100 tax-related phishing scams. This surged to more than 2,500 in 2023 and is predicted to rise again. MyGov is said to be the most impersonated site in Australia and its team has taken down more than 4,000 fake sites in the past year.
Dr Ivano Bongiovanni, general manager of AUSCERT, explains: “Phishing emails often impersonate official entities and contain convincing logos and language to deceive recipients and urge users to click on a link, scan a QR code or download an attachment.
“The emails also claim that urgent action is required to avoid account suspension and attempt to trick users about a pending tax refund, highlight issues with a tax return or demand immediate action to avoid penalties. But clicking on these links can potentially lead to malicious websites that could steal Personally Identifiable Information (PII) or sensitive data like user credentials or credit card details. Additionally, clicking on the links may install malware on the user’s device, creating a backdoor for cybercriminals to monitor activities, track user behaviour, and steal login information.”
To protect yourself, your boss and your company, AUSCERT recommends the following:
- Verify the source: Do not respond to unsolicited emails, text messages, or phone calls claiming to be from the ATO, MyGov or any government agency. If it is an email, double-check the email address and sender information to confirm authenticity. Remember, the ATO or MyGov will never ask for sensitive information via email or SMS. Before providing any personal information verify the legitimacy of the request by phoning the ATO or tax professionals first to confirm.
- Be wary of suspicious calls: If you get a suspicious call from someone claiming to be from the ATO and demanding payment to receive a tax refund, end the call immediately. The ATO would never threaten you with immediate arrest or use abusive language.
- Exercise caution with external sources: Avoid clicking on links or downloading attachments from unsolicited emails or text messages.
- Beware of urgent requests: Take the time to verify the legitimacy of the communication.
- Protect personal information: Avoid sharing personal or financial details in response to emails, phone calls or text messages, and be careful when providing information online.
- Report suspicious activity: If you receive a suspicious email get in touch with the ATO’s scam reporting email address, the Australian Cyber Security Centre or IDCARE.
- Keep software up to date: The latest security updates and antivirus software will protect against malware and phishing attempts.
- Use passphrases: Rather than simple passwords, use complex passphrases with a longer series of letters, different cases, numbers and characters. Organisations should use Multifactor Authentication wherever possible on all online services.
If you believe that your identity has been compromised or you have fallen victim to a tax-related scam, contact IDCARE on 1800 595 160.