11 January 2024
The ATO is in the process of removing hyperlinks from all outbound unsolicited SMS by Tax Time 2024. Removing hyperlinks is a scams preventative measure. It will help protect the community by making it easier to identify legitimate ATO SMS interactions and provide trust and confidence in the ATO and our tax, super and registry systems.
There has been significant growth in the use of SMS by cybercriminals. Throughout the 2022–23 financial year, SMS scams impersonating the ATO brand, products, services, and our people, increased by over 400%.
Cybercriminals often use hyperlinks in targeted SMS phishing scams. The hyperlinks take individuals to highly sophisticated fraudulent websites (such as a fake myGov sign in page) designed to steal their personal information or install malware.
We may use SMS to contact you, but we will never include links to log in pages. If you want to access our online services, always type my.gov.au or ato.gov.au into your internet browser yourself.
This change also serves as a timely reminder to protect your information. Do not give out your TFN, date of birth or bank details unless you trust the person you are dealing with, and they genuinely require these details.
If you think communication such as a phone call, SMS, voicemail, email or interaction on social media claiming to be from the ATO is not genuine, do not engage with it. You should either:
- go to Verify or report a scam to see how to spot and report a scam
- phone us on 1800 008 540, if you have divulged information or paid a scammer money.
For information and examples of ATO impersonation scams, see Scam alerts.
12 September 2023
The number of ATO impersonation scams are higher than ever, but our 2022–23 data indicates that Australians are becoming more aware and educated about how to identify and report scams.
Last financial year our data shows:
- There were 25,609 ATO impersonation scams reported to us, an increase of over 25%.
- The amount of money paid to scammers decreased by 75%.
- Only 28 people paid money to a scammer, a 66% decrease.
- 346 people divulged personal identifying information (PII), a decrease of 71%.
- There has been a significant shift in the way scammers are contacting people – email has increased by 179% and SMS contact has increased by 414%.
- The shift toward SMS and email scams has seen an increase in targeted phishing scams, leading clients to fraudulent websites. In response, we have initiated 4,836 take downs of websites with AusCERT.
- 35–44-year olds are now the most likely to pay money to a scammer. This has shifted from the younger demographic of 25–34 year olds in the previous year.
- 25–34-year olds have remained the age group that divulged the most PII to scammers.
Note: All data comparisons are with the 2021–22 financial year.