Show download pdf controls
  • Review security to stop fraud and protect your clients

    Tax practitioners hold a large amount of client, staff and business information that is of interest to identity thieves. Criminals may target your practice to access your clients' information to obtain fraudulent refunds. They may also try to trick you into clicking on links or opening attachments that install malware or ransomware on your computer systems.

    You can help protect your clients and your practice from fraud by reviewing your security practices and talking to your clients about tax scams.

    On this page:

    Security procedures

    Review your security procedures to help stop fraud and protect your clients and your practice.

    We recommend you:

    • never access online government services via a hyperlink in an email or SMS. Only access via an independent search
    • check the proof of identity for all new clients and question discrepancies before you prepare and lodge their returns
    • ensure your computer systems and other devices have up to date security and anti-virus software to protect against cyber attacks
    • avoid using USBs or external hard drives from an unfamiliar source
    • enable multifactor authentication where available
    • review staff accesses, remove access for anyone who shouldn’t have it and update passwords regularly
    • keep your electronic devices and premises secure at all times
    • talk to your clients and staff about the importance of
      • keeping personal information secure – including user IDs, passwords and tax file numbers (TFNs)
      • exercising caution when clicking on downloads, hyperlinks or opening attachments in unsolicited or unfamiliar emails, SMS or on social media.

    If you experience a data breach, phone us as soon as possible on 1800 467 033 Monday to Friday, 8.00am–6.00pm, so we can apply measures to protect your business, staff and clients where necessary.

    Next steps:

    Talk to your clients about scams

    You can help your clients understand the risks of scams and identity crime.

    There are some tell-tale signs that can help clients identify a tax scam. We will never:

    • send them unsolicited automated calls
    • threaten them with arrest or insist they stay on the line until a debt is paid
    • cancel or suspend their TFN
    • request payments through unusual methods like cryptocurrency, cardless cash, gift vouchers or bank transfers to private accounts
    • ask them to pay a fee in order to receive a refund.

    If you become aware that your client has paid or provided personal information to a scammer, ask them to phone us on 1800 008 540 to make a report straight away.

    Simple steps can also help your clients protect their personal information from criminals. You can remind them to:

    • not give out your personal identifying information unless they trust the person they're speaking with
    • be careful when downloading attachments or clicking links, even if the message seems to come from someone they know
    • install the latest security updates and run regular anti-virus and malware scans
    • create strong passwords, and don't share them with anyone.

    Next steps:

    Last modified: 27 May 2021QC 45695