Scammers are inundating targets with fake messages asking them to provide their myGov details, the Australian Taxation Office (ATO) has revealed, while urging taxpayers to remail vigilant when completing their tax returns.
The ATO this week revealed a rising volume of scam emails and text messages impersonating the organisation, designed to trick taxpayers into providing their sensitive myGov login details.
Such messages provide targets with a fake login page that scammers can use to steal passwords.
Common phrases used in the fake messages, as noted by the ATO, include:
‘You are due to receive an ATO Direct refund’
‘You have an ATO notification’
‘You need to update your details to allow your Tax return to be processed’
‘We need to verify your incoming tax deposit’
‘ATO Refund failed due to incorrect BSB/Account number’
‘Due to receive a refund, click here to receive a rebate’
The ATO says it does not send taxpayers SMS or emails with a direct link asking recipients to log onto online services.
“They should be accessed directly by typing ato.gov.au or my.gov.au into your browser,” the ATO said.
“While we may use SMS or email to ask you to contact us, we will never ask you to return personal information through these channels.”
The warning comes as scam losses mount.
The Australian Competition and Consumer Commission says Australians lost a record-breaking $3.1 billion to scams in 2022, an 80% uptick from those recorded in 2021.
Recent data from US cybersecurity firm Cloudflare states phishing — the use of scam emails, texts, or other communications designed to trick people into handing over sensitive information — is both the most dominant and fastest-growing form of digital crime.
Identity deception messages, like those highlighted by the ATO, are of considerable concern.
They increased from 10.3% of all threats detected in 2022 to 14.2% in 2023, Cloudflare states.
Those losses are not isolated to individual taxpayers, either, with experts warning of profound consequences for business leaders who unknowingly hand sensitive information over to impersonation scammers.
“Phishing is an epidemic that has permeated into the farthest corners of the internet, preying on trust and victimizing everyone from CEOs to government officials to the everyday consumer,” said Matthew Prince, Cloudflare CEO.
At home, initiatives like the $23.4 million Cyber Wardens scheme have been established to help small business owners take practical steps to avoid scam losses.