The Australian Tax Office (ATO) is warning about an email scam where criminals impersonate ATO representatives to steal personal information.
The ATO has identified several tactics used by scammers in these phishing attempts. These emails often appear to come from legitimate ATO or myGov addresses, making them seem credible. They typically use urgent language to prompt immediate action, such as claiming that the recipient’s taxable income has been recalculated and they are due compensation.
Additionally, recipients are asked to provide sensitive information like payslips, Tax File Number, driver’s licence, and Medicare details to claim the supposed compensation. Scammers use this information in a variety of ways to:
- Commit refund fraud in your name by filing false tax returns to claim refunds.
- Access your myGov account to steal your tax refund by using your details to log in.
- Steal your superannuation by accessing and withdrawing your superannuation funds.
- Sell your identity by passing your personal information to organised crime groups on the dark web or through other means.
Tips to help you identify and protect against this scam:
- Do not reply with any of your personal information if you receive an email like this.
- The ATO will never send unsolicited messages asking for personal identifying information through SMS or email.
- Know your tax affairs – legitimate email communication from the ATO can be found in ATO online services. Verify this by logging into your myGov account or contacting your tax agent or the ATO directly.
- Be cautious if someone claiming to be from the ATO contacts you about a debt or refund, or asks for your myGov sign-in credentials, bank details, or personal information such as your TFN. It is likely they are a scammer.
- Do not click on links, open attachments, or download files from suspicious emails or SMS; the ATO will never send an unsolicited SMS containing a hyperlink.
How to spot a phishing email
To protect yourself, remain vigilant for the following red flags that indicate a scam email:
- Unusual or suspicious sender email address: The sender’s email address may not match the organisation they claim to represent. For example, a scam email may use an @gmail domain instead of an @ato.gov.au domain.
- Spelling and grammatical errors: Professional organisations typically do not send communications with spelling mistakes or grammatical errors. Unusual language may also be used in the message.
- Generic greetings: Scam emails often use generic greetings like ‘Dear customer’ or ‘Greetings employee’ instead of addressing you by name.
- Lack of professional signature: A legitimate email from an organisation will usually include a professional signature block with the sender’s contact information.
- Urgent requests: Phishing emails often create a sense of urgency, such as ‘Your account will be locked!’ or ‘Immediate action required!’ to prompt you to click on a link or provide information.
- Unsolicited emails: If you receive an email from an unknown sender or organisation, treat it with suspicion. Verify the email by contacting the organisation directly using a known phone number.
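The red flags above can be turned into a first-pass triage check. This is an added example, not ATO code or guidance: the phrase lists, the sample messages and the function name `red_flags` are constructed for illustration. It also shows why the sender check alone is not enough, since a message with a forged @ato.gov.au From address is still caught on its content.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXPECTED_DOMAIN = "ato.gov.au"  # assumption: the only domain treated as expected

# Constructed phrase lists, derived from the red flags listed in this advisory.
CHECKS = {
    "generic_greeting": r"\b(dear (customer|taxpayer|user)|greetings employee)\b",
    "urgency": r"\b(immediate action required|will be locked|urgent(ly)?)\b",
    "asks_for_identity_data":
        r"\b(tax file number|tfn|medicare|driver'?s licen[cs]e|payslips?)\b",
    "contains_link": r"https?://",
}

def red_flags(raw_message: str) -> list[str]:
    """Return the red flags found in a plain-text (single-part) email."""
    msg = message_from_string(raw_message)
    flags = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != EXPECTED_DOMAIN and not domain.endswith("." + EXPECTED_DOMAIN):
        flags.append("sender_domain_mismatch")
    # The From header is easy to forge, so content is checked even when it matches.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    flags += [name for name, rx in CHECKS.items() if re.search(rx, text)]
    return flags  # an empty list does not prove the message is genuine

# Constructed sample messages (not real emails).
SPOOFED_FROM = """From: ATO Refunds <refunds@ato.gov.au>
Subject: Your taxable income has been recalculated

Dear customer,
Immediate action required: reply with your Tax File Number and Medicare
details to claim your compensation at https://example.invalid/claim
"""
WEBMAIL_SENDER = """From: "Australian Taxation Office" <ato.refunds@gmail.com>
Subject: Refund notice

Hello Sam,
Please send your payslips.
"""

if __name__ == "__main__":
    for sample in (SPOOFED_FROM, WEBMAIL_SENDER):
        print(red_flags(sample))
```
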
If you’re unsure whether the contact is genuinely from the ATO, call the ATO directly on 1800 008 540 to verify. Report any suspicious contact claiming to be from the ATO to ReportScams@ato.gov.au.