Whether you were born with a silver spoon in your mouth, or live hand to mouth, for millions of Australians, every July is tax time!
The annual ritual involves sorting through mountains of receipts, complex spreadsheet calculations and filing endless forms. It’s a pain nobody enjoys, especially if the ATO determines it’s you who owes them money. And if that isn’t enough, we now have reports of tax phishing scams, so scammers can claim their pound of flesh too!
With emails flying back and forth between you and your tax advisor, scammers know your guard is down. While you hurriedly check attachments, click on links and submit confidential information, it’s the ideal time to target you with a tax season phishing scam.
In this blog we’ll explore some of the most common tax time scams you’re likely to face and how to avoid phishing scams this tax season.
What are tax phishing scams?
As with all phishing scams, tax phishing scams involve cyber criminals trying to deceive you into revealing private information about yourself. Alternatively, they may attempt to persuade you to transfer funds to them.
In many cases, cyber criminals will seek to trick you into providing login and password credentials to online banking portals, email accounts, or other applications containing confidential information. Once they’ve gained access to such systems, the path is then wide open for them to engage in a range of malicious activities, from financial crimes to identity theft.
Another common type of attack we see at tax time is the use of phishing tactics to trick you into installing malware. This can lead to devastating data breaches or ransomware attacks.
What makes tax phishing scams so effective is their timing. For many, this is the busiest time of year. Scammers know there’s a high probability that busy people will fail to identify a tax phishing scam at this time of year. You need effective strategies in place to avoid tax phishing scams.
Some common tax phishing scams you need to be on the lookout for include:
Email tax scams
Criminals are known to favour ATO phishing scams by sending out fraudulent emails purporting to be from the tax office. Usually, these emails direct the recipient to a bogus website. To the untrained eye these websites look totally authentic, even going as far as spoofing the legitimate website’s domain or URL. Once on the fake website, victims are urged to submit login and password credentials, paving the way for identity theft or fraud.
In one recent example, people were sent links via email to a fake myGov login page. Once they submitted their myGov credentials, the criminals could access the victim’s genuine myGov portal. This allowed them to compromise victims’ personal information, including passport and driver’s license details, in order to engage in identity theft.
Other common email scams include threating legal action for fake tax debts. The victim is urged to pay via a fake webpage using cryptocurrencies or pre-paid debit cards. Alternatively, victims are tempted with an email advising them they have a refund. They are advised to enter their confidential information to receive the payment, but in fact are defrauded.
Phone tax scams
Phone scams at tax time can be particularly effective as they instil fear into potential victims. Scammers are known to phone people, either with live calls or robocalls, pretending to be from the ATO. They then attempt deceive them into divulging confidential information or paying fictitious fines and debts. Victims are warned that they will face severe legal repercussions if they refuse to follow instructions.
In a recent case, victims were phoned and told their Tax File Number (TFN) was being suspended due to illegal activity. In these Tax File Number scams, victims were instructed that in order to restore their TFN and avoid legal action, they would need to immediately pay a fine, or transfer all their funds to a holding account.
SMS / text tax scams
Reports of SMS scams are also on the rise. Victims are sent messages purporting to be from the ATO. Typically, such scams seek to deceive people into clicking a link in the text message that takes them to a bogus webpage on their mobile devices.
Like phone scams, these text messages seek to instil fear in people. Victims are warned that they have an outstanding tax debt which must be paid urgently to avoid legal repercussions. In recent cases, scammers have urged payment via cryptocurrency or pre-paid debit cards. Unlike credit cards, the victims have no recourse to recover the funds when using such payment methods.
Tips for avoiding tax phishing scams
1. Be hypervigilant of texts, phone calls, and emails
When it comes to texts, phone calls and emails, the best advice is act with caution!
Make sure you carefully check the email address of the sender. Place your curser over the email address, without clicking it, to see if it sent from the genuine domain name. Do the same with any links contained within the email. If in doubt – do not click anything!
When it comes to dubious phone calls or text messages, never divulge confidential information or login and password credentials. If in doubt, type the ATO website into a browser (do not click links to the website) and call the official phone number listed there.
2. Use trusted email services
Email phishing scams remain the most common method scammers use to launch attacks. It’s essential that your email systems have security measures built-in, such as spam filters. These will help identify malicious emails and move them to a spam or junk folder.
3. Take advantage of two-factor authentication (2FA)
Few security measures offer as much protection as Two-Factor Authentication. Through using both a password and another factor, such as a one-time-passcode that is sent to your mobile device, you can stop most unauthorised access attempts. The myGov application has enabled 2FA, giving you greater confidence that you can stay secure.
4. Don’t believe the scare tactics
The ATO repeatedly advises that they do not engage in the sorts of scare tactics that are reportedly being used by scammers. The ATO engages in ongoing discussions with people before commencing any legal actions, and they never tell people to transfer all their funds to holding accounts.
5. Follow ATO payment recommendations
The ATO has secure means for paying any tax debts. Such payments should always be made through official portals, such as myGov, or via the payment instructions on official ATO communications. Payments should never be made via cryptocurrencies or pre-paid debit cards.
6. Review ATO resources
The official ATO website (ato.gov.au) contains all the essential information you need to know. If you have any tax questions, reach out to the ATO directly using the contact details listed on the official website.
Even though this is a busy time of year, it’s always worth acting with caution, especially when receiving communications that are related to your tax circumstances. Never click links or open attachments that purport to be from the ATO. Any official portals and contact details can be accessed directly from the ATO website.
With so many attempted phishing scams at this time of year, now is the time to carefully consider engaging expert assistance to ensure you and your team have the awareness needed to prevent phishing scams.
Phriendly Phishing is trusted by companies across Australia to enable their staff to understand phishing tactics and how to avoid them. Contact Phriendly Phishing today for a demonstration of our unique Australian training platform.