Avast cyber security expert Stephen Kho warns of the most pervasive tax-related scams as the tax season approaches this year, advising Aussies to be extra vigilant of “tax-time scammers” in the coming months due to the uptick in fraudulent online activity.
In the next months, people across the country will be looking to lodge their tax claims which gives cyber criminals a prime opportunity to execute tax-related scams.
According to Stephen Kho, cyber security expert at Avast, cyber criminals are always looking for new ways to steal your data, personal details or money through increasingly sophisticated scams and online threats.
"We know these scams have been prevalent in high numbers over the last few years, so it’s important to be on the front foot and know what to look out for when it comes to identifying fraudulent activity online, especially around tax time where we are having conversations around finances with various institutions.
"The timeliness hook of tax time helps them seem more legitimate."
In April, the Australian Taxation Office (ATO) advised that scammers were using a new tactic that involved an offer to provide tax file numbers (TFN) and Australian business numbers (ABN) for a fee but failing to provide the service following a number of reports.
"The fake TFN and ABN services are often advertised on social media platforms like Facebook, Twitter, and Instagram.
"The advertisements offer to obtain a TFN or ABN for a fee.
"Instead of delivering this service, the scammer uses these fraudulent websites to steal both money and personal information," the ATO website stated.
The Avast security team added that scammers often pose as someone you know, or an institution you use and offer an easy "fix" to a problem you have in an "official-sounding way". Some scammers even give the victim a sense of urgency in order to pressure them to hand over their information to be "cleared of a financial issue".
In preparation for the influx of tax scams, Kho has shared three examples of prevalent tax scams to look out for, including ways to avoid them.
Fake tax preparers
Fake tax preparers claiming they can do your tax return fast and for a low price.
These fake tax preparers often operate by accessing the myGov accounts of their clients and lodging their tax returns through the ATO’s myTax web portal, or taking your personal details and your payment, and then disappear.
How to avoid this scam:
- Check that your tax preparer is registered on the Tax Practitioners Board (TPB).
- They may display the TPB logo on their website, but you should still double check to ensure they are legitimate.
- Never share your myGov password with anyone as sharing your information (such as your myGov password) with an unregistered practitioner puts your personal and financial affairs at risk.
- Set-up your myGov account to use two factor authentication, use either the myGov Code Generator app or receive a code by SMS when logging in in order to further protect you from unauthorised access to your myGov account.
ATO phishing scams
The main aim of the ATO phishing scams is to trick you into giving them your sensitive information.
These scams work by impersonating a trustworthy and reputable company or individual to gain access to information such as usernames, passwords or credit card numbers.
In an Australian Taxation Office (ATO) phishing attack, the recipient will typically receive an "urgent" email, SMS or automated phone call claiming to be from the ATO with instructions to follow a link to log in or make a payment on an outstanding tax debt.
How to avoid this scam:
- If you receive a phone call, SMS, or email from the ATO, don’t click on links to log in to your account, send payments or provide any personal information.
- The ATO will never threaten you with immediate arrest, demand payment, or suspend your TFN; if you're not sure if it's the ATO contacting you, phone them directly using the phone number on their website to check.
- It's also worth installing a digital security product to protect you from any malicious software that you might download from a tax scam email.
- Using a VPN solution in the desktop browser to defend against malicious threats when browsing the internet can also help.
Business email compromise scams:
Emails posing as the CEO, director, or a payroll provider are known as business email compromise scams.
In a business email compromise scam, attackers target those with financial-related roles and sometimes even employees. Scammers then send emails asking for copies of payroll details or PAYG payment summary forms, which include all the personal information a cyber criminal would need to steal someone's identity.
These emails start with a friendly greeting before getting to the request, attempting to put those targeted at ease before asking for the forms or details.
How to avoid this scam:
- If you work for a company, make sure to strictly follow your company’s payment authorisation/approval process.
- Never send tax information electronically without first verifying with the sender in person or on the phone that they sent the request in the first place.
- It’s worth taking the extra precaution, as the likelihood of this type of scam increases during tax season.