
Review security to stop fraud and protect your clients

How to protect your clients and practice from fraud by reviewing security practices and avoiding tax scams.

Last updated 12 June 2023

Security procedures

Tax professionals hold a large amount of client, staff and business information that is of interest to identity thieves.

Review your security procedures to help stop fraud and protect your clients and your practice. We recommend you:

  • never access online government services via a hyperlink in an email or SMS – only access via an independent search
  • check the proof of identity for all new clients and question discrepancies before you prepare and lodge their returns
  • ensure your computer systems and other devices have up-to-date security and anti-virus software to protect against cyber attacks
  • avoid using USBs or external hard drives from an unfamiliar source
  • enable multifactor authentication where available
  • review staff accesses and remove access for anyone who shouldn’t have it
  • update device and system passwords regularly
  • keep your electronic devices and premises secure at all times
  • talk to your clients and staff about the importance of
    • keeping personal information secure – including user IDs, passwords and tax file numbers (TFNs)
    • exercising caution when clicking on links or opening attachments in unsolicited or unfamiliar emails, SMS or on social media.

If you experience a data breach, phone us as soon as possible on 1800 467 033 Monday to Friday, 8:00 am to 6:00 pm. We can apply measures to protect your business, staff and clients where necessary.

Learn more about how to protect yourself by reviewing our top cyber security tips and security advice for tax professionals.

Talking to your clients about scams

You can help your clients understand the risks of scams and identity crime.

There are some tell-tale signs that can help clients identify an ATO impersonation scam. We will never:

  • send them unsolicited automated calls
  • threaten them with arrest or insist they stay on the phone until a debt is paid
  • cancel or suspend their TFN
  • request payments through unusual methods like
    • cryptocurrency
    • cardless cash
    • gift vouchers or bank transfers to private accounts
  • ask them to pay a fee in order to receive a refund.

If you become aware that your client has paid or provided personal information to a scammer, ask them to phone us on 1800 008 540 to make a report straight away.

Simple steps can also help your clients protect their personal information from criminals. You can remind them to:

  • not give out personal identifying information unless they trust the person they're speaking with
  • be careful when downloading attachments or clicking links, even if the message seems to come from someone they know
  • install the latest security updates and run regular anti-virus and malware scans
  • create strong passwords and not share them with anyone.