Show download pdf controls
  • Online security

    There are many ways you can interact with the ATO online, including lodging your tax returns and other tax-related information. You can also engage with us on social media.

    We take the security and privacy of your personal information very seriously. We have steps in place to ensure your data and online transactions with us are secure and safe.

    You can also help ensure your online transactions with us are safe by taking some simple precautions.

    Find out about:

    What you can do to stay safe online

    As a taxpayer you play a big part in protecting your personal information and making sure it's safe when you interact online.

    You should:

    • Always exercise caution when downloading attachments or clicking links in emails, text messages or social media posts, even if they appear to come from someone you know.
    • Always access our online services directly via ato.gov.au or my.gov.au or the ATO app.
    • Keep your tax file number (TFN) and passwords secure – don't share your password with others.
    • Never reply to emails with your password or other sensitive information (such as your TFN), including to prospective employers.
    • We recommend you change your passwords regularly.
    • Use multi-factor authentication where possible – using SMS codes as your sign-in option for myGov is a quick and secure way to sign-in to access ATO online services.
    • Ensure your digital identity, such as myGovID, is secure. Your digital identity is unique to you and shouldn’t be shared, as this will enable others access to your personal data across services such as tax and health.
    • Avoid conducting high-risk transactions, such as banking or logging on to online services, over unsecure public Wi-Fi.
    • Only engage with verified ATO pages on social media. Never share personal information on social media, such as your TFN, myGov or bank account details.
    • Regularly back up your data onto an external hard drive or cloud backup. Secure your backup devices by ensuring they are not continuously connected to your main network.
    • Keep your software up to date. Protect yourself and your business by installing the latest security updates, running regular anti-virus scans and using a spam filter on your email accounts.
    • Disable remote access software until it's needed.
    • Make data security an everyday priority by practicing good cyber hygiene and constantly reviewing your security habits.

    We encourage you to remain vigilant, take precautions, address security, and uphold your privacy by assessing your online practices at least quarterly.

    Our online security self-assessment questionnaire provides you with measures and information to assist you to improve your online security.

    If you're not sure if an ATO notification received via myGov is legitimate, go directly to my.gov.au and sign in to check your inbox for messages. If the notification is not there, phone us on 1800 008 540.

    Next step:

    See also:

    How we protect you

    We keep your personal information safe by:

    • confirming your details when you contact us
    • having a range of systems and controls in place to ensure your data and transactions with us are secure
    • logging access to your personal information (to help us identify any unusual behaviour).

    To help you stay safe online, we will not:

    • ask you for your TFN or bank details via return email, SMS, or on social media
    • provide your personal information to anyone without your consent, unless the law permits us to do so
    • communicate with you on behalf of another government agency or ask another government agency to represent us.

    See also:

    Data breach guidance

    Criminal syndicates involved in identity crime and refund fraud may target you, your employees and clients.

    We recommend that you protect yourself, your business, employees and clients against identity crime and fraud by taking appropriate security precautions.

    If you or your business experiences a data breach, there are steps you can take to minimise the impact.

    See also:

    Security for digital services providers

    We offer a range of digital services that support the community to interact with us to do business. We place specific security measures around where and how we store, access and transfer data.

    The growth of our digital wholesale services increases productivity and connects the community across the digital economy. This presents a range of service opportunities for us and the community. However, there are also business risks and security implications to be managed.

    The Digital service provider (DSP) Operational Framework addresses these risks. It establishes how we will provide access to and monitor the digital transfer of data through software.

    See also:

    Authorised by the Australian Government, Canberra.

    Last modified: 11 Nov 2020QC 40958