Show download pdf controls
  • Online security

    There are many ways you can interact with the ATO online, including lodging your tax returns and other tax-related information. You can also engage with us on social media.

    We take the security and privacy of your personal information very seriously. We have steps in place to ensure your data and online transactions with us are secure and safe.

    You can also help ensure your online transactions with us are safe by taking some simple precautions.

    Find out about:

    What you can do to stay safe online

    As a taxpayer you play a big part in protecting your personal information and making sure it's safe when you interact online.

    You should:

    • Always exercise caution when downloading attachments or clicking links in emails, text messages or social media posts, even if they appear to come from someone you know.
    • Always access our online services directly via ato.gov.au or my.gov.au or the ATO app
      • Note: If you are unsure about the legitimacy of an ATO notification received via myGov, go directly to the myGov homepageExternal Link and sign in to check your inbox for messages. If the notification is not there, phone us on 1800 008 540.
       
    • Keep your tax file number (TFN) and passwords secure – don't share your password with others. Never reply to emails with your password or other sensitive information (such as your TFN) including to prospective employers. We recommend you change your passwords regularly.
    • Use multi-factor authentication where possible. Using SMS codes as your sign-in option for myGov is a quick and secure way to sign-in to access ATO online services.
    • Only engage with verified ATO pages on social media. Never share personal information on social media, such as your TFN, myGov or bank account details.
    • Regularly back up your data onto an external hard drive or cloud back up. Secure your backup devices by ensuring they are not continuously connected to your main network.
    • Keep your software up to date. Protect yourself and your business by installing the latest security updates, running regular anti-virus scans and using a spam filter on your email accounts.
    • Disable remote access software until it's needed.
    • Make data security an everyday priority by practicing good cyber hygiene and constantly reviewing your security habits.

    We encourage you to remain vigilant, take precautions, address security, and uphold your privacy by assessing your online practices at least quarterly.

    Our online security self-assessment questionnaire is designed to provide you with measures and information to assist you to improve your online security.

    Next step:

    See also:

    How we protect you

    We keep your personal information safe by:

    • confirming your details when you contact us
    • having a range of systems and controls in place to ensure your data and transactions with us are secure
    • logging access to your personal information (to help us identify any unusual behaviour).

    To help you stay safe online, we will not:

    • ask you for your TFN or bank details via return email, SMS, or on social media
    • provide your personal information to anyone without your consent, unless the law permits us to do so
    • communicate with you on behalf of another government agency or ask another government agency to represent us.

    ATO impersonation scams

    You may receive a phone call or email from someone claiming to be from the ATO. Sometimes, these emails or messages will already include your personal information, which could make you think they are legitimate.

    If you or someone you know has paid or provided personal identifying information or if you are unsure of the authenticity of communication from us, phone us on 1800 008 540, Monday to Friday between 8.00am and 6.00pm.

    If you receive a scam phone call or text message, and have not paid or provided personal identifying information to the scammer, you can report the scam online.

    See also:

    Data breach guidance

    Both you and your clients may be targeted by criminal syndicates involved in identity crime and refund fraud.

    We recommend that you protect yourself, your business and clients against identity crime and fraud by taking appropriate security precautions.

    If you or your business experiences a data breach, there are steps you can take to minimise the impact.

    See also:

    Security for digital services providers

    We offer a range of digital services that support the community to interact with us to do business. We place specific security measures around where and how data is stored, accessed and transferred.

    The growth of our digital wholesale services increases productivity and connects the community across the digital economy. This presents a range of service opportunities for us and the community. However, there are also business risks and security implications to be managed.

    The Digital service provider (DSP) Operational Framework addresses these risks. It establishes how we will provide access to and monitor the digital transfer of data through software.

    See also:

    Last modified: 12 Aug 2019QC 40958