Increase your online security
Your personal information is an important part of your identity. There are many ways you can interact with us online, and the following tips can help you make sure your online transactions with us are safe.
Use myID to access online services
myID, is the most secure way to access ATO online services and helps protect against identity crime, including tax fraud.
If you can, we recommend you secure your sign in with a Strong myID and protect your valuable personal information. Follow our simple steps to increase your online security with myID and set your online access strength to Strong.
Use multi-factor authentication
Multi-factor authentication requires a combination of:
- something you know (PIN, secret question)
- something you have (card, token), or
- something you are (fingerprint or other biometric).
Enabling multi-factor authenticationExternal Link increases your online safety, but the most secure way to access online accounts and services is by using myID. Protect yourself against cyber criminals and set up your myIDExternal Link now.
Use strong and secure passphrases
Consider moving from a password to a passphraseExternal Link. Using passphrases can:
- boost the security of your accounts
- make it harder for cyber criminals to access your information.
A passphrase:
- should be easy for you to remember
- can involve a set of 4 or more random words, numbers and/or symbols depending on the website’s password requirements.
The longer your passphrases, the better.
A random mix of unrelated words:
- is less predictable than a password
- will produce a stronger passphrase – for example, ‘crystal onion clay pretzel‘.
A password manager can help you generate or store passphrases. Regularly change passphrases and do not share them.
Check whether your passphrases have been compromised and change them immediately if they have. One way to check your credentials is by going to Have I Been PwnedExternal Link. Learn more about creating and protecting your passphrasesExternal Link.
Regularly back up your devices
Back up your files and devicesExternal Link regularly on a physical device (such as an external hard drive) or in the cloud. This is helpful if your data becomes damaged, lost, stolen or infected by ransomwareExternal Link.
A ransomware attack can:
- lock your computer or encrypt your data until you pay a fee to the criminal
- steal your personal or business information and threaten to leak or sell the information unless a ransom is paid.
Keep your backup devices secure by making sure they are not continuously connected to your main network.
Make sure all devices have the latest available security updates
Cybercriminals can take advantage of known weaknesses in systems or applications. Software updates include security improvements that make it harder for attackers to use those vulnerabilities. Regular updates are critical in maintaining a secure system. It's important to either:
- check for any updates regularly
- turn on automatic updates.
Antivirus softwareExternal Link can help prevent, detect, and remove malwareExternal Link from your device. Make sure you turn on your antivirus software and keep it up to date.
Be careful when clicking on links, downloading programs or opening attachments
Be careful when downloading attachments or clicking on links, even if the message seems to come from someone you know.
Always access our online services directly by typing ato.gov.au or my.gov.au into your browser, or by using the ATO app. Do not follow link from texts or emails or social media.
Be sure you are downloading authorised and legitimate programs. Unless you know the program is legitimate, do not open attachments or download it.
Some programs contain malware that can infect your computer, including ransomware that locks your files until you pay a criminal. It can also be used to harvest your sensitive personal information.
Use a spam filter on your email account
Always use a spam filter on your email account and do not open unsolicited messages.
Be wary of downloading attachments or opening email links you receive, even if they are from someone you know.
Spam emails can be:
- embedded with malware
- used to trick you into providing information or buying non-legitimate goods.
Do not respond to or click on these emails. This can help you reduce the risk of your personal information being used fraudulently, or your computer being infected with malware.
Learn more about how to secure your emailExternal Link.
Monitor your accounts for unusual activity or transactions
Check your myGov Inbox and your accounts (including banking and online services) regularly. If you know everything is in order, it will be harder for a scammer to convince you otherwise.
If an organisation you deal with sends you an email or SMS alerting you to unexpected changes on your account, do not:
- click on included hyperlinks
- open any attachments.
You should immediately:
- check your accounts by searching for the organisation's website in a web browser
- phone the organisation using a number you've looked up.
Be vigilant about what you share on social media
Keep personal information private and be aware of who you are interacting with online.
People are accustomed to sharing personal information on social media. However, before sharing, ask yourself if it's information you want strangers to have access to.
It's very easy for information on social media sites to be shared outside of your network, even when your security settings are set to private.
Be sure you know who you are speaking to on social media and only share information with people you know and trust.
Criminals can use certain combinations of your personal information to impersonate you to access money, apply for credit cards and bank loans, or commit crimes.
Keep your personal information secure
Keep your tax file number (TFN), passwords, superannuation and other sensitive information (such as your myGov or bank account details) secure. Don't share them with others, including in emails, to prospective employers or on social media.
Secure your electronic devices wherever you are. Your personal information can be taken in an instant. In some situations, you won’t even know it was stolen.
Make sure you:
- do not leave electronic devices unattended
- secure your electronic devices with passcodes
- securely store portable storage devices (such as thumb and hard drives) when not in use.
Learn more about how to protect yourself onlineExternal Link.