Increase your online security
Your personal information is an important part of your identity. There are many ways you can interact with us online, and the following tips can help you make sure your online transactions with us are safe.
Use myID to access online services
myID, is the most secure way to access ATO online services and helps protect against identity crime, including tax fraud.
If you can, we recommend you secure your sign in with a Strong myID and protect your valuable personal information. Follow our simple steps to increase your online security with myID and set your online access strength to Strong.
Use multi-factor authentication
Multi-factor authentication requires a combination of:
- something the user knows (PIN, secret question)
- something you have (card, token), or
- something you are (fingerprint or other biometric).
Enabling multi-factor authentication increases your online safety, but the most secure way to access online accounts and services is by using myID. Protect yourself against cyber criminals and set up your myIDExternal Link now.
Use strong and secure passphrases
Consider moving from a password to a passphraseExternal Link. Using passphrases can:
- boost the security of your accounts
- make it harder for cyber criminals to access your information.
A passphrase:
- should be easy for you to remember
- can involve a set of 4 or more random words, numbers and/or symbols depending on the website’s password requirements.
The longer your passphrases, the better.
A random mix of unrelated words:
- is less predictable than a password
- will produce a stronger passphrase – for example, ‘crystal onion clay pretzel‘.
A password manager can help you generate or store passphrases. Regularly change passphrases and do not share them.
Regularly back up your devices
Back up your files and devicesExternal Link regularly on a physical device (such as an external hard drive) or in the cloud. This is helpful if your data becomes damaged, lost, stolen or infected by ransomwareExternal Link.
Secure your backup devices by making sure they are not continuously connected to your main network.
Make sure all devices have the latest available security updates
Cyber criminals hack devices using known weaknesses in systems or apps. Updates have software security upgrades and make it harder to hack.
Regular updates are critical in maintaining a secure system. It's important to:
- check for any updates regularly, or
- turn on automatic updates.
Antivirus softwareExternal Link can help prevent, detect, and remove malwareExternal Link from your device. Make sure you turn on your antivirus software and keep it up to date.
Be careful when clicking on links, downloading programs or opening attachments
Be careful when downloading attachments or clicking on links, even if the message seems to come from someone you know.
Always access our online services directly via ato.gov.au, my.gov.au or the ATO app – not by following a link.
Be sure you are downloading authorised and legitimate programs. Unless you know the program is legitimate, do not open attachments or download it.
Some programs contain malware that can infect your computer or be used to harvest your personal information.
Use a spam filter on your email account
Always use a spam filter on your email account and do not open unsolicited messages.
Be wary of downloading attachments or opening email links you receive, even if they are from someone you know.
Spam emails can be:
- embedded with malware
- used to trick you into providing information or buying non-legitimate goods.
Do not respond to or click on these emails. This can help you reduce the risk of your personal information being used fraudulently, or your computer being infected with malware.
Learn more about how to secure your emailExternal Link.
Monitor your accounts for unusual activity or transactions
Check your myGov Inbox and your accounts (including banking and online services) regularly. If you know everything is in order, it will be harder for a scammer to convince you otherwise.
If an organisation you deal with sends you an email or SMS alerting you to unexpected changes on your account, do not:
- click on included hyperlinks
- open any attachments.
You should immediately:
- check your account
- contact the organisation by telephone.
Be vigilant about what you share on social media
Keep personal information private and be aware of who you are interacting with.
People are accustomed to sharing personal information on social media. However, before sharing ask yourself if it is information you want strangers to have access to.
It's very easy for information on social media sites to be shared outside of your network, even when your security settings are set to private.
Be sure you know who you are speaking to on social media, and only share information with people you know and trust.
Criminals can use certain combinations of your personal information to impersonate you to access money, apply for credit cards and bank loans, or commit crimes.
Keep your personal information secure
Keep your tax file number (TFN), passwords, superannuation and other sensitive information (such as your myGov or bank account details) secure. Don't share them with others, including in emails, to prospective employers or on social media.
Secure your electronic devices wherever you are. Your personal information can be taken in an instant. In some situations, you won’t even know it was stolen.
Make sure you:
- do not leave electronic devices unattended
- secure your electronic devices with passcodes
- securely store portable storage devices (such as thumb and hard drives) when not in use.
Learn more about how to protect yourself onlineExternal Link.