Cybercriminals and ATO scams

100% human

It is the time of the year when cybercriminals pose as the ATO. They want to cheat you out of hard earned cash. ATO scams are rife.

According to Norton research, over 200,000 Australian small businesses were victims of cyber threats in 2017.

Cybercrime now costs Australian SMBs an average of $10,299 in the last 12 months. Alarmingly, almost one-in-three cybercrime victims thought they had a low-to-very-low risk of it happening to them.

Common ATO scams during tax time include scammers sending suspicious communications from the Australian Taxation Office (ATO) or Centrelink in the form of

  • Emails
  • Faxes
  • SMS
  • and phone calls.

These are all socially engineered to trick SMBs into handing over money or personal details. Data is the new gold!

Common appeals include

  • You may receive to a refund but, there is a small problem
  • Late tax form lodgment
  • So-called debt collectors chasing so-called late payments
  • And anything else that business commonly forgets to do

If you think you have been a victim of ATO scams, report it immediately to the ATO  here.

GadgetGuy asked Mark Gorrie, Norton security expert his opinion.

Five ways to avoid cybercriminal ATO scams

  1. The ATO may use letters, email, phone calls, or SMS to contact you for several reasons, including to remind you of a payment that is due. The ATO will never ask you for your Tax File Number or bank details via email or SMS; they will never contact you using social media sites like Facebook or Twitter to ask for your personal information; nor send you an email from an unsolicited email address or provide your personal information to anyone without your consent. The ATO may phone you. But it will never threaten jail time or ask for a pre-paid card to pay.
  2. If you receive a phone call from someone claiming to be from the ATO, take down their information and call the ATO’s office to validate their identity and their request. You can also report suspected scam email by forwarding them to
  3. Key tell-tale signs that an email may be illegitimate include: incorrect logos within the email; the communication does not address you as the recipient by name; it is not from a legitimate sender; is unexpected; the message contains poor grammar; and/or, the email asks you to click a link that appears to lead to a government website but when hovering over the link it does not lead to an address.
  4. If you know you don’t have debt with the tax office, then an email or phone call that states otherwise cannot be real. Monitor your credit cards for unauthorised charges, as well as your credit report for new accounts that you didn’t open. Fraudulent activity may indicate that you’re at higher risk of further fraud, including stolen tax refunds.
  5. Many consumers use an e-filing service to file their taxes. If that’s you, one of the best ways you can protect yourself is to make sure your internet connection is secure and not a publicly available network. If you are not sure about the security of your internet connection, use a VPN. It’s an easy way to protect your data. Almost like a secret code that only you and your VPN share.

Five ways to secure your computer

  1. Using software to protect your home and business network is the first line of defence against attempts by criminals to steal or compromise your personal information.
  2. Apply all patches for your operating system and any third-party applications. This ensures that your computer isn’t at risk in a malicious spam campaign that uses known software vulnerabilities.
  3. Store copies of important documents like tax return off-line. Shred draft documents and tax notes you no longer need. Any data kept online may be hacked.
  4. If you’re not expecting a tax refund from the ATO, then one won’t magically appear.
  5. Use Tax Time as an annual reminder to ensure your online security software and processes are up to date. As a reminder, security subscriptions receive a 100% immediate deduction for small businesses.

GadgetGuys’s take – ATO scams are real and persistent

Twice recently so-called debt collectors threatening all manner of ills if I don’t pay up back-taxes have been in contact. As per Mark’s advice I know all my tax liabilities, I always pay them ahead of time, and I use an external accountant, so I never have discussions with the ATO.

One debt collector was persistent. First a polite email. Next a threatening one. Then calling me. I then played along just for interest.

Long story short I ‘agreed’ to pay up but first I would need remittance advice from the ATO. Low and behold it turned up looking all official on the distinctive ‘pink’ ATO form.

But the B-Pay biller code was not 75556 (ATO) but another with the words Debt-collection for the Australian Office of Tax. Come in spinner!

Be aware of ATO scams at this time of year. And use Norton or a paid internet security suite.