Scammers Impersonate the Australian Tax Office



Australian Tax Office ScamThe Australian Taxation Office (ATO) has warned of an increase in SMS and email phishing attacks targeting taxpayers, News.com.au reports. The scams attempt to steal credentials or personal information in order to commit identity theft.

“This tax time, we're receiving an increased number of reports about several ATO impersonation SMS and email scams,” the ATO says. “These scams encourage people to click on a link that directs them to fake myGov sign in pages designed to steal their username and password. Scammers use many different phrases to try and trick recipients into opening these links.”

The scams inform users that they need to update their information to resolve an issue or receive a tax refund. The ATO has observed the following subjects used in these scams:

  • ‘You are due to receive an ATO Direct refund'
  • 'You have an ATO notification'
  • 'You need to update your details to allow your Tax return to be processed'
  • 'We need to verify your incoming tax deposit'
  • 'ATO Refund failed due to incorrect BSB/Account number'
  • 'Due to receive a refund, click here to receive a rebate'

The ATO says users should only enter information by going to its official website, and never send personal information via text or email.

“Do not open any links or provide the information requested,” the ATO says. “We won't send you an SMS or email with a link to log on to online services. They should be accessed directly by typing ato.gov.au or my.gov.au into your browser. While we may use SMS or email to ask you to contact us, we will never ask you to return personal information through these channels. Report any suspicious contact claiming to be from the ATO to ReportScams@ato.gov.au.”

New-school security awareness training can teach your employees to recognize social engineering tactics so they can thwart these types of scams.

News.com.au has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Topics: Phishing



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews