Show download pdf controls
  • Review security to stop fraud and protect your clients

    You hold a large amount of client, staff and business information that is of interest to identity thieves. Criminals may target your practice to access your clients' information to obtain fraudulent refunds. They may also try to trick you into clicking on links or opening attachments that install malware or ransomware on your computer systems.

    While Australia is affected by COVID-19 (coronavirus) it is important you and your clients know the tell-tale signs of tax and economic stimulus related scams.

    Watch out for some common warning signs. We will never:

    • send an email or SMS with a hyperlink directing you to our online services such as myGov
    • request personal identifying information via a return email unless you have agreed to engage with us in this way
    • send you or your clients unsolicited pre-recorded messages to your phones using a fake or ‘spoofed’ phone number
    • threaten you or your clients with immediate arrest and insist you stay on the line until a payment is made
    • prevent your clients from discussing their tax affairs with you
    • make a conference call between us, your client, and you
    • request payment of a debt via iTunes, Google Play cards or other vouchers, cryptocurrency, cardless cash transfer, offshore wire transfer or into a bank account not held by the Reserve Bank of Australia
    • ask you or your clients to pay a fee to receive a refund.

    Stay up to date on our current SMS and email activities, including alerts relating to COVID-19 stimulus packages. To check if a suspicious call, message or request is from us, you or your clients can phone the ATO scam hotline on 1800 008 540.

    Security procedures

    Review your security procedures to help stop fraud and protect your clients and your practice.

    We recommend you:

    • never access online government services via a hyperlink in an email or SMS - only via an independent search
    • call us on an independently sourced number to verify an interaction if in doubt
    • check the proof of identity for all new clients and question discrepancies before you prepare and lodge their returns
    • ensure your computer systems and other devices have up to date security and anti-virus software to protect against cyber attacks
    • review staff accesses, remove access for anyone who shouldn’t have it and update passwords regularly
    • talk to your clients and staff about the importance of  
      • keeping personal information secure – including user IDs, passwords and tax file numbers
      • exercising caution when clicking on downloads, hyperlinks or opening attachments in unsolicited or unfamiliar emails, SMS or on social media.

    You or your clients may receive fraudulent communications that claim to be from us, so it's important to know how to verify or report a scam. You may like to consider sharing this information with your clients, or linking to it from your own website.

    If you experience a data breach, phone us as soon as possible on 1800 467 033 Monday to Friday, 8.00am–6.00pm, so we can apply measures to protect your business, staff and clients where necessary.

    See also:

    Last modified: 24 Jul 2020QC 45695