Online security
A new phishing email claiming to be from the ATO is currently circulating.
The email claims that the recipient is entitled to a tax refund and states they should click the embedded link and complete the online form.
Do not click on the link in the email as it opens a fake webpage that will attempt to obtain your tax file number.
The ATO will never email you asking for personal or credit card details and you should never provide this information. If received you should delete the email immediately.
When accessing our online services, only do so by typing www.ato.gov.au directly into your browser.
There are many different types of scams - online, phone, mail and face-to-face. Online scams, such as email 'phishing' scams, are on the rise and are designed to trick you into giving away your money, passwords and personal details (such as your tax file number - TFN).
From time to time, we will send you emails or SMS, or post messages on our official social media profiles, promoting new services or alerting you to due dates, for example that tax time is approaching or that your business activity statement is due. However, we will never send you an email requesting you to confirm, update or disclose confidential details like your name, date of birth, address, passwords, credit card details etc.
This page is constantly updated with examples of the latest ATO related scams as we become aware of them. Please check back regularly to stay informed or sign up to the Online Services RSS, or email subscription for automated updates.
Ensure your online security
Identity theft is one of the fastest growing crimes in the world. It has become more organised, sophisticated and widespread. The internet has facilitated the problem by allowing perpetrators to collect people's personal details.
Tips for protecting yourself online
- Ensure your computer has up to date security software. This includes anti-virus, anti-spyware, anti-spam and firewall protection which protects your computer from malicious programs. These programs are often carried in something that looks harmless such as an email, but can allow an intruder to access your computer without your knowledge. Ensure that this software is kept up to date, install any updates immediately to protect yourself from the latest threats, and allow a regular scan of your computer.
- Enable automatic updates for your computer's operating system and applications including your web browsers to ensure they remain up to date.
- Ensure you install and enable a firewall on your computer before connecting to the Internet.
- Download and regularly use a malware removal program.
- Use discretion and common sense when using the Internet. Don't click on online advertisements/emails or go to sites you think may be untrustworthy.
- Use a spam filtering product to help block fake or virus-related emails. If you receive a spam email, delete it. Do not open email attachments from unknown sources.
- When using social networking sites such as Facebook, Twitter and LinkedIn never publish personal information such as your date of birth, TFN, bank account details or personal contact details such as your home address. Remember to customise your security settings to ensure your profile is only accessible to those you trust.
- Never provide confidential personal information including your TFN when applying for work online. You should only provide this information to your employer once you commence work.
Tips for recognising and avoiding tax scams and fraud
You should be wary of unsolicited emails claiming to be from the ATO. Hoax emails and websites can look very convincing; however, they are often poorly worded and contain spelling and grammatical mistakes. We have developed some simple tips that you should follow to protect yourself online against identity fraud:
- Report emails that offer tax refunds in exchange for entering personal information
We can only calculate tax refunds after you have reported information to us about your financial activity for the year. Based on that information we automatically pay any refund due into your nominated bank account or send you a cheque. Any email that requests additional information before a refund can be released is a hoax.
- Report emails which inform you that you owe us money or your account is in arrears and we will now be taking you to court
We will never email you with this information. Once we have processed your information, we will send you a notice or account statement to let you know of your total tax liability and if you owe money. This will also tell you when you need to make any payments.
If you are having difficulty paying your tax debt, it is important you contact us. If you fail to address your debt we will contact you via:
- phone - generally during normal business hours. We also make phone contact between 5.00pm and 8.30pm, which is more convenient for many people
- mail - this will be sent to the postal address we have on our records
- an external collection agency
- a personal visit.
We will never contact you about owing us money without sending out a notice or account summary. We will also not start any legal action until we have tried various other methods (including setting up a payment plan) to collect the money.
- Any email you receive which demands payment or advises we're taking legal action for the amount owed, without us contacting you first, is a hoax.
If you have any questions about managing your debt please contact us on 13 11 42.
- Always use our online services by visiting www.ato.gov.au
Following this practice ensures you are logging into the genuine ATO website. You will always be prompted to sign with your AUSkey before you can enter the Business, BAS, and Tax Agent Portals. If you aren't asked to do this, the website is a fake.
As an extra precaution we recommend you type internet addresses directly into your internet browser rather than clicking on links embedded in emails. You can also check the URL of the page you are visiting to ensure the site is genuine.
- Make sure you keep your tax file number (TFN) and passwords secure
We recommend you change your passwords on a regular basis. Try using one that consists of a combination of numbers, letters (both upper case and lower case), punctuation, and special characters. Don't share your password with others and never reply to emails with your password or other sensitive information, including your TFN. Keep your password and TFN secure.
The ATO will occasionally use SMS and emails for promotional and information purposes.
Our SMS and email messages will never include, or ask you to provide, personal information, and do not require any form of reply.
SMS messages could include:
- reminders for lodgment or payment of BAS
- reminders for lodgment of income tax returns
- notification of service availability or system outages
- a request to contact the ATO to discuss income tax, ABN or activity statement information lodged
- confirmation of appointment and receipt
- notification of delay to electronically lodged tax returns.
Email messages could include:
- promoting a new ATO online service
- information on e-tax availability and updates
- activity statement updates
- subscription services, including RSS and newsletters
- a request to contact the ATO to discuss income tax, ABN or activity statement information lodged
- notification of delay to electronically lodged tax returns
- scam warning and online security reminders.
Current ATO SMS and email communications include, but are not limited to:
SMS

| Topic | Subject | Audience | Timing |
| --- | --- | --- | --- |
| Tax Time 2013 | You can now lodge your tax return online using e-tax by 31 October. | Individuals | 1 - 19 July 2013 |
| May monthly BAS | Reminder to lodge and pay | Micro and SME | 17 June 2013 |
| April monthly BAS | Reminder to lodge and pay | Micro and SME | 17 May 2013 |
| March quarterly BAS | Reminder to lodge and pay | Micro and SME | 24 April 2013 |
| March monthly BAS | Reminder to lodge and pay | Micro and SME | 17 April 2013 |
| Indirect tax objections | Request to contact objection officer to provide additional information regarding objection | Individuals, micro and SME | Ongoing - commencing February 2013 |
| Tax returns | Request to contact us to provide additional information regarding lodgment | Individuals, micro and SME | Ongoing - commencing October 2012 |
| Activity statements | Request to contact us to provide additional information regarding lodgment | Individuals, micro and SME | Ongoing - commencing October 2012 |
| Instalment notices | Request to contact us to provide additional information regarding lodgment | Individuals, micro and SME | Ongoing - commencing October 2012 |
| Business detail updates | Business detail updates | Business detail updates | Ongoing - commencing September 2012 |
| Tax returns | Notification of delay to electronically lodged tax returns | Individual self preparers | Ongoing - commencing 30 July 2012 |
| ABN Applications | Contact request to discuss ABN application | Individuals, micro and SME | Ongoing - commencing April 2012 |

Email

| Topic | Subject | Audience | Timing |
| --- | --- | --- | --- |
| Tax Time 2013 | You can now lodge your tax return online using e-tax by 31 October. | Individuals | 1 - 12 July 2013 |
| Lodge and Pay Electronically | Information for businesses with an annual turnover between $2m and $250m on how to lodge and pay electronically. | SME | June 2013 |
| Promise to Lodge | Email to confirm your commitment to lodge by an agreed date. | Individuals, Micro and SME | June - August 2013 |
| Lodgment performance benchmark | Quarterly statement of tax agent income tax lodgment performance. | Tax Agents | Ongoing - commencing December 2012 |
| Tax returns | Request to contact us to provide additional information regarding lodgment | Individuals, Micro and SME | Ongoing - commencing October 2012 |
| Activity Statements | Request to contact us to provide additional information regarding lodgment | Individuals, Micro and SME | Ongoing - commencing October 2012 |
| Instalment Notices | Request to contact us to provide additional information regarding lodgment | Individuals, Micro and SME | Ongoing - commencing October 2012 |
| Business Detail Updates | Business Detail Updates | Business Detail Updates | Ongoing - commencing September 2012 |
| Tax returns | Notification of delay to electronically lodged tax returns | Individual self preparers and tax agents | Ongoing - commencing 30 July 2012 |
| ABN Applications | Contact request to discuss ABN application | Individuals, Micro and SME | Ongoing - commencing April 2012 |

The ATO will only post messages on our official social media profiles for informational and educational purposes.
We will never ask you to provide your personal details such as TFN, date of birth, bank account/credit card details or personal contact details such as your home address in these channels. Do not respond to any such requests, but report them to us at reportemailfraud@ato.gov.au.
Remember to customise your security settings to ensure your profile is only accessible to those you trust.
Use of hyperlinks
We only link to content that we maintain (for example, ato.gov.au, our social media profiles) or partner content (for example, abr.gov.au, staysmartonline.gov.au). Before you click a link, always hover the mouse over it to check its target address (URL) and ensure the site is genuine. If you are unsure, do not click; instead, copy and paste the URL into your browser.
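The link check described above, as an added Python example (not ATO code): it lists every link in an HTML email and flags targets whose host is not one of the domains this page names, including look-alike hosts and links whose visible text shows a trusted address. The sample message and its hosts are constructed, and the trusted list omits the social media profiles because the page does not name their domains.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the page names as ATO or partner content. The social media
# profiles it also mentions are left out: their domains are not on the page.
TRUSTED_DOMAINS = ("ato.gov.au", "abr.gov.au", "staysmartonline.gov.au")

# Constructed sample message (not a real email); link hosts are reserved
# example values.
SAMPLE_EMAIL = (
    "Subject: Tax refund\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>To access the form for your tax refund, please "
    '<a href="http://www.ato.gov.au.refund-form.example/claim">click here</a></p>'
    '<p>Or visit <a href="http://192.0.2.10/ato/">www.ato.gov.au</a></p>'
    '<p>Help: <a href="https://www.ato.gov.au/">www.ato.gov.au</a></p>'
)


def host_is_trusted(host):
    """True only for a trusted domain itself or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def _split(url):
    """Return (scheme, host) of a URL, or empty strings if unparseable."""
    try:
        parts = urlsplit(url.strip())
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:
        return "", ""


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(raw_email):
    """Return one finding per link found in the HTML parts of an email."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        collector = _AnchorCollector()
        collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        collector.close()
        for href, text in collector.links:
            scheme, host = _split(href)
            # Link text that is itself an address ("www.ato.gov.au").
            shown = _split(text if "://" in text else "//" + text)[1]
            reasons = []
            if scheme not in ("http", "https"):
                reasons.append("not a web link")
            if not host_is_trusted(host):
                reasons.append("target host not on trusted list")
                if host_is_trusted(shown):
                    reasons.append("visible text shows a trusted address")
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding["href"], "->", finding["reasons"] or "ok")
```

The sender address is deliberately not inspected, since scam emails can display an ato.gov.au address; only the link targets are compared with the trusted list.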
Protect yourself when using social media
Remember that posts you make on social networking websites like Facebook, Twitter and YouTube are publicly viewable and searchable. Please be aware that what you post may remain online indefinitely and can be found through search engines and online archives.
Protect your personal and financial information and the privacy of others by not posting personal information on ATO social media profiles. We will remove any posts that contain personal information.
Follow these tips to protect yourself online when using social media:
- protect accounts with strong passwords and change them regularly
- think carefully before you click on links and attachments, particularly in emails and on social networking sites
- regularly adjust your privacy settings on social networking sites
- customise your security settings to ensure your profile is only accessible to those you trust
- never post personal financial information about yourself, your friends or family.
Refund scams
There are a number of refund scam emails currently circulating. These emails claim to come from the ATO and offer a tax refund. Generally, they link to a bogus ATO website asking for personal and credit card details. These emails can differ in their appearance and level of sophistication but will generally state that you are eligible for a refund and instruct you to click on a link to submit a form to receive it. The ATO will never email you asking for personal or credit card details and you should never provide this information.
One version of this scam contains an attachment infected with a virus. This email purports to be from the ATO and asks the recipient to complete the attached form to receive a tax refund. There is a zip file attached to the message that contains a malicious program. If you receive an email like this, do not open the attachment.
Under no circumstances should you give personal information including credit card or banking details. Anyone who has received a suspicious phone call or email should contact us immediately.
Key indicators of this scam include:
- the email asks you to provide personal details. You should always be suspicious of this
- it is poorly worded with spelling and grammatical mistakes (though this is not always the case)
- includes an attachment (form) or link to a webpage to lodge a form
- comes from an email address which is not a valid ATO email address
- asks for credit card and PIN numbers.
Below are some examples of refund scam emails and the forms that they link to:
The email will appear to have been sent from the ATO and links to a very convincing version of the Government EasyPay website (see below).
Remember to always check the URL to ensure the website is legitimate.
Example of a refund scam email content:
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $210.75 AUD. Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Regards,
Australian Taxation Office
Phishing scams
Phishing is a common method that scammers use to obtain personal details such as your usernames, passwords, tax file numbers and credit card details. They do this by masquerading as a trustworthy entity such as the ATO (@ato.gov.au) in electronic communications such as emails. These emails will typically ask you to complete a form or click a link, allowing scammers to steal your information or infect your computer with malware.
Malware (short for malicious software) consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, to gather information which leads to a loss of privacy or exploitation, to gain unauthorised access to system resources, and to carry out other abusive behaviour.
Below are examples of phishing emails currently circulating:

The email will appear to have been sent from the ATO and links to a very convincing version of our online services registration page.
Remember to always check the URL to ensure the website is legitimate.

This scam email appears to be from an ato.gov.au email address and displays as being sent from the Australian Taxation Office.
Don't open the attachment as it contains malware.
Delete the email immediately.

This scam email appears to be from an ato.gov.au email address and displays as being sent from the Australian Taxation Office.
Don't click on the link, just delete the email immediately.

This email comes with an attachment. Opening this attachment will run and install the malware.

This email appears to be coming from a legitimate domain (abr.gov.au); however, if the links within the email are clicked, you will be taken to a fake website where malicious code will attempt to install itself onto your computer.

Key indicators of this scam:
- the domain appears to be coming from a legitimate source e.g. @ato.gov.au or @taxoffice.com.au
- email has an attention grabbing / enticing subject line e.g. Australian Taxation Office - New Rules or International Money Transfer Advice of funds sent
- email contains enticements to act e.g. here is your tax refund or your account is in the arrears and as you have a debt we are now taking you to court
- email then asks you to click onto a link to find out more information
- the link contained within the email then takes you to a fake website (claiming to be either the ATO or a third party) where malicious code will attempt to install itself onto your computer or infect your computer with malware.
Current phishing scam emails circulating contain variations of the above.
There are a number of mobile phone scams currently circulating. These messages can differ in their appearance and level of sophistication but will generally state you are eligible for a refund and instruct you to click on a link to submit a form to receive it.
Generally, they link to a bogus ATO website asking for personal information (including your mobile phone number) and credit card details.
By clicking the link or filling in the details you will potentially expose yourself to identity theft.
Scams that come to you on your mobile can be difficult to recognise. You should be wary of unsolicited texts or messages claiming to be from the ATO.
Occasionally we may send you an SMS alerting you to the availability of new products/services or provide lodgment reminders, however we will never message you asking for personal or credit card details.
Under no circumstances should you provide personal information such as credit card or banking details.
If you receive any messages like the examples shown below you should delete them immediately.
If you have received a suspicious message and provided your personal details you should contact us and your financial institution immediately.
Key indicators of a mobile phone scam include:
- the message asks you to provide personal details (including your mobile phone number). You should always be suspicious of this
- includes an attachment (form) or link to a webpage to lodge a form
- asks for credit card and PIN numbers.
Below are some examples of mobile scam messages and the online forms that they link to:





From time to time the ATO may contact you by phone but you should be wary of unsolicited phone calls claiming to be from the ATO and offering you a tax refund. Increasingly we are seeing these scams using names and addresses that have some correlation to actual ATO officers and buildings. We advise taxpayers to be highly vigilant when receiving phone calls of this nature.
If in doubt about the authenticity of a call that you receive from the ATO we recommend that you contact us on one of our publicly listed numbers to verify the legitimacy of the call.
The following are examples of recent phone scams:
1. You are called on either your private home or mobile number by a person claiming to be from the ATO. They say that you have been chosen for a business grant of $7000 (could be any amount) from the federal Government. You are told you need to phone a specific number straight away to organise the process to collect the grant.
Key indicators of this scam:
- cold calling (unsolicited calls)
- the caller advises that you have been chosen for a business grant
- you are asked to phone to organise the collection of the grant. When phoning, you will likely be asked for personal information, including financial details or requested to pay an amount to have the money released. You may also be asked to provide other personal information that could be utilised to steal your identity
- the caller provides details which may be similar to actual ATO officer details or addresses. However the street name may be spelt incorrectly or the wrong postcode is provided with the address.
2. You are called on either your private home or mobile number by a person claiming to be from the ATO. They say that you are owed a tax refund of around $3000 (could be any amount) and that you need to make a money transfer to an Indian orphanage or other charity of around $150 in order to receive your refund.
Generally they provide a NSW phone number to contact the 'ATO' once you have completed the transfer. The scammers sometimes quote personal information such as address and date of birth during the conversation to show authenticity and also often have several private contact numbers for you.
Key indicators of this scam:
- cold calling (unsolicited calls)
- the caller advises that you have an unclaimed refund
- you are asked to pay a sum of money to a third party in order to receive the refund
- the payment must be made through a money transfer.
3. You receive a call from a person saying that they are from "The Tax Office's Australian Government Grants Department". The person asks to clarify your name and address and says you will receive a cheque for $5200, hand delivered the next day. In order to get this cheque, you need to call a phone number back to confirm eligibility.
Key indicators of this scam:
- cold calling (unsolicited calls)
- the caller advises that you will receive this money as they have "unclaimed taxes" and/or they "pay tax frequently"
- all the call centre operatives refer to themselves as "Harry"
- you call the number provided and are asked to go to Australia Post and complete a "Yellow Form" (presumably an International Money order) and call them back to provide a 10 digit confirmation number from the form
- you must attach $99 and address the form to "Australian Government - Veerendra Kumar, Bareilly, India"
- the phone number provided is (02) 6100 3889.
A new email scam claiming to be from the Australian Taxation Office is currently circulating.
This latest scam has a bogus ATO form attached to it, which asks for personal details including credit card details and ATM card PIN numbers. The email asks for the form to be completed, printed, and sent in to a genuine ATO address.
The email states that 'after a recalculation of your fiscal activity, we have determined that you are entitled to receive a tax refund of AU$ xxx'
When the victim fills out the form and clicks the 'print' button, all of the personal details are instantly sent to a third party overseas.
After submitting personal details, victims are redirected back to the genuine ATO website.
These scams are predominantly designed to conduct identity theft and credit card fraud.
From time to time, the ATO may amend your tax return (for example, because of a data-matching exercise). If this happens, we will send you an amended notice of assessment on paper to your postal address. It will never be sent by email.
Anyone who receives a suspicious phone call or email should contact us immediately.
Key indicators of this scam include:
- the email asks you to confirm or update your personal details. You should always be suspicious of this
- it is poorly worded with spelling and grammatical mistakes
- includes an attachment (form)
- comes from an email address which is not a valid ATO email address
- asks for credit card and PIN numbers
- the 'print form' button sends all of the personal details to the scammers (as well as sending the form to your printer)
- the scam asks for the paper form to be sent to an authentic ATO address, to attempt to increase authenticity.
Examples of this scam:




Example 'Recalculation of your tax refund' email content:
Tax return for individuals - 2009
2008 - 2009 Recalculation of you tax refund
After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of AU$ 568.24
Complete the individual tax return form attached to this message. After completing the form print the form by clicking the PRINT button on the form and mail the form to our head office.
Our head office address can be found on our website at http://www.ato.gov.au/
Sincerely,
Australian Taxation Office
Canberra
Ground floor, Ethos House
28-36 Ainslie Avenue
Civic Square ACT 2600
A new email scam is circulating claiming to be from the ATO and advising that money is to be transferred into your account. The email claims that acknowledgment is required as well as your personal details so that the transfer can occur. The ATO will never email you requesting personal information or to notify you of a money transfer. Do not reply to this type of email and contact us immediately if you have concerns about the legitimacy of an email you have received.
Key indicators of this scam include:
- the email is poorly worded and contains spelling and grammatical errors
- asks for personal details
- advises of a payment
- includes an attachment
- comes from an email address which is not a valid ATO email address.
Example of this scam:

If you have received fraudulent communication or are unsure of the legitimacy of a communication you have received which claims to be from the ATO, let us know.
You can report unsolicited emails claiming to be from the ATO by forwarding the entire email to ReportEmailFraud@ato.gov.au. In order for us to act promptly on your email, we do not respond individually to any emails sent to this address. This email address is to be used only for the reporting of unsolicited emails. Contact us by phone for all other enquiries.
You can also check on any communication that you aren't sure about by phoning us from 8.00am-6.00pm, Monday to Friday on:
- Individuals 13 28 61
- Businesses 13 28 66
- Tax Professionals 13 72 86.
The following pages contain information and advice about protecting your online security and recognising scams.

ScamWatch
ScamWatch provides information about how to recognise, avoid and report scams.
Stay Smart Online
Stay Smart Online provides comprehensive information and practical tips for protecting yourself against security scams and transacting safely online.
Australian High Tech Crime Centre
The Australian High Tech Crime Centre, an operational arm of the Australian Federal Police (AFP) High Tech Crime Operations (HTCO) portfolio, provides a national coordinated approach to combating serious, complex and multi-jurisdictional technology enabled crimes.
Protecting your computer against malicious code
This paper by AusCERT outlines effective strategies that will assist in minimising the risk of harm to confidentiality, integrity and availability of your computer data and systems when connected to the internet. It provides practical advice for protecting personal computers from malicious code for home users and organisations without dedicated IT staff.
Last Modified: Wednesday, 19 June 2013