It seems as though every year, as people gear up for tax time, there’s a new type of fraud or cyber-attack that crops up. Scammers apparently just love taking advantage of how busy people are, and how badly people want to do the right thing when it comes to dealing with government authorities like the Tax Office.
Unfortunately, this year is no exception. Security industry commentators have already predicted a variety of new scams targeted at Australian taxpayers. In February this year, the ATO warned of a number of scams including a fake BAS notification email containing a link that, when opened, would download some rather scary malware.i Anonymous web-based SMS services now allow would-be scammers to ‘phish’ for potential fraud victims with even more specificity.
Scam emails, phone calls and other messages have varying levels of sophistication. For example, messages from obviously wrong email addresses are a fairly clear tip-off that something’s not quite right. But many cybercriminals use advanced masking techniques, good formatting and a generally fair level of English. The most vulnerable potential victims are still those who may not be experienced or capable enough to spot the warning signs but as scams become increasingly more sophisticated it pays to be alert.
A surprising number of people each year become victims of fraudsters and criminals who combine ‘traditional’ fraud with cyber-attacks, such as in the case of ransomware. They may lose a couple of hours valuable time debugging their computers. Or, they may be fleeced of tens of thousands of dollars that goes to criminals’ accounts (often overseas), never to be seen again. In fact, the ACCC reports that in 2016, Aussies lost nearly $84 million across all scam types. Over 155,000 incidents were reported to the authorities.ii
Ways to protect yourself against fraud:
One simple thing to be aware of is that the ATO will never contact you asking for personal details or credit card information. You will never be emailed a request for payment. Instead, you’ll usually get an official letter sent to your registered postal address, or a notification asking you to log in to your secure myGov account to view a message. This means you can be relatively sure that any text or email you receive purporting to be from the ATO is false. If in doubt, call the ATO’s official numbers and ask if they’ve sent you anything recently.iii The same principle generally applies to other government agencies and regulators.
If you receive a message purporting to be from an organisation you deal with – the ATO, your default super fund, a payment processor or bank – think about the way you normally communicate with that organisation. For example, if you usually speak to your payroll company quarterly and usually via a letter and phone call, be wary of a random email or text message, especially if it asks for personal details. Be even warier if you get an unsolicited email or phone call from an organisation you’ve never dealt with asking for personal details, a payment, or access to your computer.
Thanks to technology, criminal organisations can change tactics and set up a new ‘campaign’ in just days. Make sure you’re up to date with the latest tactics so you know what to look out for where possible. It’s a good idea to sign up for the ATO’s Scamwatch Radar service.iv
Follow these few simple steps and trust your instincts if an email or phone call seems suspect and you’ll avoid becoming ‘just another scam statistic’ at the end of the financial year.
iii Find the correct number for your enquiry at https://www.ato.gov.au/about-ato/about-us/contact-us/phone-us/