Tax Time Scams in 2024

The latest ATO scam and how to stay safe.
Sarah Morrison
June 23, 2024

Long ago, in a decade far, far away from 2024, you could set your clock to when scam emails would hit your inbox. Christmas time for delivery scams and tax time for tax scams. It made sense: Christmas was when everyone was sending and receiving parcels, and July through to October, well, that was when we prepared, submitted and waited patiently for our refunds to come in or our debt to be called upon. Life was simple back then, well… somewhat simple.

These days, we are flooded with scam texts, emails, and phone calls concerning imminent parcel deliveries, or lack thereof, if we do not respond. However, as the saying goes, there are two things for certain: death and taxes. So it should come as no surprise that tax time still means tax scams.

According to a recent publication by the CBA, one in three Australians are failing to identify a tax scam, with one in four Australians surveyed having been exposed to a tax-related scam. Although the exact details of the study are limited (YouGov research comprising a nationally representative sample of 1,023 Australians aged 18 and above, conducted online between 20 May and 23 May 2024), the data still paints a bleak picture. There is a good chance you or someone you know is going to get scammed!

You would think our best defence against this scam would be to ignore any messages from the ATO, right? Wrong! Just when you thought it was safe to ignore all tax-related messages, threat actors have found another way to complicate things. The ATO has reported over 3,000 cases of threat actors submitting people’s tax returns for a refund – and the victims are not finding out until they receive a text message from the ATO regarding a refund they know nothing about! All avenues point to ignoring the message. The only problem is that, if you do, chances are someone has just used your account for fraud. I know, it is all very complicated.

A recent Nine News article revealed that threat actors ‘hack’ into a person’s account (I use this term lightly, as it usually means they had a username and password), lodge a fake tax return, change the victim’s email and home address, and create a bank account for the funds to go into. A few alarm bells go off for me here. For example, why are there no rules to alert the ATO when multiple changes have occurred on a person’s account consecutively? You would hope they would have some type of technology and alerting in place for this.

This is not a new scam and has occurred in recent years. From my research, it looks like the fraud occurs on the back of the victim responding to a fake message from the ATO at the start of the scam, giving the threat actor access to everything they need to make the scam work. So, I guess that means we are back to ignoring messages from the ATO? See, I told you it was all very complicated.

Another interjection for you: tax time scams, although most prominent between July and October, can be sent any time during the year. I know, it’s annoying, right? If you have a look at the Australian Taxation Office’s (ATO) Scam Data page, apart from informing us that tax scams are up over 30% in May 2024 from May 2023, they report tax scams occurring every month.

For recent examples of tax time scams, you can visit the ATO scam alerts page. Or just google ATO scams and you will get your share of examples.

So, if we have this right, we have to ignore text messages from the ATO, but at the same time, we must be wary that the messages may be legitimate and that threat actors have taken over our accounts. Like superannuation, we tend not to check our accounts until specific times. We tend to check superannuation when we retire or get closer to retiring, and we look at tax around tax time. We would not necessarily know if anything is happening with our accounts outside of these times unless the institution picks up on some fishy behaviour.

What do we then do? We can put alarms in our phones and check our ATO accounts each week, which seems a little tiresome, or we can simply go to the ATO website when we receive a text message or email to see if it is legitimate. This, too, can be a little cumbersome, but there is not much more we can do. It is up to us to safeguard our accounts, and if we think there is activity on our accounts, we need to check it out. The likelihood of a threat actor hacking the ATO is very slim, but the likelihood of a threat actor hacking us is not, so the chances of this happening to us or someone we know increase dramatically.

To wrap up:

  • Do not respond to text messages, emails or phone calls from the ATO.
  • If you receive any of these communications, then log on to the ATO website by entering ato.gov.au directly in your browser, not by clicking on any links provided to you.
  • If it is a phone call purporting to be the ATO, then call the ATO back on the official ATO number.

Remember, it is easy to spoof an email, website address or phone number to trick us into thinking the message is legitimate.

To read more on tax time scams with examples, see my article from last year, or download our How to Avoid Online Scams PDF for more advice.

Sarah Morrison

Sarah is the Co-CEO of Morrisec. With over 20 years in cybersecurity and a PhD in Russian information operations, Sarah has a deep understanding of threat actors and their tactics and motivations, making her highly equipped to assist organisations in their defence against them.