The Australian Taxation Office (ATO) has warned of an increase in SMS and email phishing attacks targeting taxpayers, News.com.au reports. The scams attempt to steal credentials or personal information in order to commit identity theft.
“This tax time, we're receiving an increased number of reports about several ATO impersonation SMS and email scams,” the ATO says. “These scams encourage people to click on a link that directs them to fake myGov sign in pages designed to steal their username and password. Scammers use many different phrases to try and trick recipients into opening these links.”
The scams inform users that they need to update their information to resolve an issue or receive a tax refund. The ATO has observed the following subjects used in these scams:
- ‘You are due to receive an ATO Direct refund'
- 'You have an ATO notification'
- 'You need to update your details to allow your Tax return to be processed'
- 'We need to verify your incoming tax deposit'
- 'ATO Refund failed due to incorrect BSB/Account number'
- 'Due to receive a refund, click here to receive a rebate'
The ATO says users should only enter information by going to its official website, and never send personal information via text or email.
“Do not open any links or provide the information requested,” the ATO says. “We won't send you an SMS or email with a link to log on to online services. They should be accessed directly by typing ato.gov.au or my.gov.au into your browser. While we may use SMS or email to ask you to contact us, we will never ask you to return personal information through these channels. Report any suspicious contact claiming to be from the ATO to ReportScams@ato.gov.au.”
New-school security awareness training can teach your employees to recognize social engineering tactics so they can thwart these types of scams.
News.com.au has the story.