Show download pdf controls
  • Online security

    There are many ways you can interact with us online. You can lodge your tax returns and other tax related information online, as well as engage with us on social media.

    We take the security and privacy of your personal information very seriously. We have steps in place to ensure your data and online transactions with us are secure and safe.

    You can also help ensure your online transactions with us are safe by taking some simple precautions.

    Find out about:

    What you can do to stay safe online

    As a taxpayer you play a big part in protecting your personal information and making sure it is safe when you interact online.

    • Be cautious when clicking on hyperlinks embedded in SMS and emails. Do not click on links or attachments in emails from unknown sources.
    • Always access our online services directly via or or the ATO app.

    Note: If you are unsure about the legitimacy of an ATO notification received via myGov, go directly to the myGov homepageExternal Link and sign in to check your inbox for messages. If the notification in question is not there, phone us on 1800 008 540.

    • Keep your tax file number (TFN) and passwords secure - don't share your password with others. Never reply to emails with your password or other sensitive information (such as your TFN) – including to prospective employers. We recommend you change your passwords regularly.
    • Make sure you only engage with verified ATO pages on social media and never share your TFN on social media platforms.
    • Regularly back up your data onto an external hard drive or cloud back up. Secure your backup devices by ensuring they are not continuously connected to your main network.
    • Install anti-virus software on all devices and set the software to automatically check for updates on a daily basis.
    • Disable remote access software until it is needed.
    • Make data security an everyday priority - practice good cyber hygiene and constantly review your security habits.

    We encourage you to remain vigilant, take precautions, address security, and uphold your privacy by assessing your online practices at least quarterly.

    Our online security self-assessment questionnaire is designed to provide you with measures and information to assist you to improve your online security.

    Next steps:

    See also:

    How we protect you

    We keep your personal information safe by:

    • confirming your details when you contact us
    • having a range of systems and controls to ensure your data and transactions with us are secure
    • logging all accesses to your personal information (to identify any unauthorised behaviour).

    To help you stay safe online, we will not:

    • ask you for your TFN or bank details via email, SMS, or social media
    • provide your personal information to anyone without your consent, unless the law permits us to do so
    • communicate with you on behalf of another government agency or ask another government agency to represent us.

    ATO impersonation scams

    You may receive a phone call or email from someone claiming to be from the ATO. Sometimes, these emails or messages will already include your personal information, which can trick you into believing they are legitimate.

    If you have been scammed or are unsure of the authenticity of communication from us, contact us on 1800 008 540, Monday - Friday between 8am-6pm.

    Find out about:

    Data breach guidance

    Both you and your clients may be targeted by criminal syndicates involved in identity crime and refund fraud.

    We recommend that you protect yourself, business and clients against identity crime and fraud by taking appropriate security precautions.

    If you or your business experiences a data breach, there are steps you can take to minimise the impact of this.

    See also:

    Security for digital services providers

    We have specific security measures around where and how data is stored, accessed and transferred.

    We are developing a set of security requirements for digital service providers to safeguard the integrity and security of the digital taxation and superannuation system.

    The requirements for using our digital services vary for each digital service provider. They are based on the risk of the data they access, the number of users they have and the way they operate. It will be mandatory for users of cloud-based software to use multi-factor authentication.

    Last modified: 10 May 2018QC 40958