Once again, everyone’s favourite annually scheduled season has returned. Tax time scams continue to present a prime opportunities for threat actors. But in 2025, their methods have evolved. With increasingly convincing AI-enabled phishing attempts, sophisticated use of stolen data, and highly personalised scam content, Australians need to remain alert.
Tax Time Scams: What’s Changed Since 2024?
While tax scams are nothing new, this year has seen a notable rise in identity-based fraud and account takeovers. Threat actors are no longer just sending fake messages—they’re gaining access to accounts and filing tax returns on behalf of victims with disturbing accuracy.
Key scam characteristics in 2025 include:
- Highly convincing ATO impersonation via AI-generated emails and SMS
- Increased use of stolen personal data to bypass identity verification
- More frequent targeting outside the July–October window, catching people off guard
- Multi-step scam chains combining phishing, phone calls, and fraudulent support impersonation
- 300% rise in ATO impersonation scams, according to an official report by the ATO
ATO Account Compromise is on the Rise
One of the most damaging scams involves gaining access to a person’s myGov or ATO account, lodging a false return, and rerouting the refund to alternate bank accounts. Victims often only realise what’s happened after receiving a refund notification—or no notification at all.
These scams typically begin with a phishing message impersonating ATO staff, designed to capture login credentials. From there, threat actors may:
- Change contact details
- Add a new bank account
- File a tax return without the person’s knowledge or consent
The ATO has also warned that scammers are exploiting the rebranding of myGovID to myID, sending illegitimate emails asking users to reconfirm their details due to the name change. According to ATO reporting in 2024, thousands of these incidents were recorded—and early 2025 data suggests the trend is continuing.
Operation Protego: A Large-Scale GST Fraud
The ATO has launched a major investigation into widespread GST fraud, known as Operation Protego. This scam typically involves individuals:
- Creating fraudulent or non-existent businesses
- Lodging illegitimate Australian Business Number (ABN) applications
- Submitting false business activity statements to claim GST refunds fraudulently
This isn’t just relevant to legitimate business owners who need to be aware of potential risks when forming partnerships—it also highlights that scam activity is increasingly domestic, not just international.
As the ATO puts it:
“You need to check the facts – nobody is giving money away for free or offering loans that don’t need to be paid back.”
How to Protect Yourself
Scam messages can look extremely convincing. That’s why the safest approach is to verify, not trust. Scammers are more likely to send phishing emails or SMS messages in the early hours of the morning to catch victims off guard—so it’s vital to stay alert throughout tax season.
Key steps to stay protected:
- Don’t click on links in messages claiming to be from the ATO—visit ato.gov.au manually
- If you receive a phone call, hang up and contact the ATO using their official number
- Enable multi-factor authentication (MFA) on your myGov and linked email accounts
- Monitor your ATO account regularly, not just during tax time
- Report suspicious activity to the ATO’s official scam reporting service
- If you’re in a business setting, brief your finance and HR teams—these departments are often targeted with refund or payroll-related scams
Want More Information?
- Visit the ATO Scam Alerts page
- Read our articles on “Tax Time Scams in 2024” and “EOFY and Tax Time Scams”
- Contact us to strengthen your internal defences, including Security Awareness Training
0 Comments