Picture this: You log into your myGov account and find that your activity statements for the past year have been altered, with $100k in GST credits issued. But you didn’t do this and certainly didn’t receive $100k in your bank account. The urgency of the situation hits you. What’s the next step?
In what has become an alarmingly common occurrence, myGov accounts are being targeted for their wealth of personal data. Scammers alter bank account details and use personal information to create fraudulent refunds – sometimes reaching hundreds of thousands of dollars. To the tax office, it appears as if you’re the culprit. The most distressing part? You likely unwittingly gave the scammers access to your account.
And it’s not just activity statements at risk. Any myGov-linked service capable of issuing refunds or payments is being targeted. Scammers exploit the amendment periods in tax law to alter data and generate refunds through personal income tax, GST, or variations in PAYG instalments. In some cases, their knowledge of Australia’s tax and social security systems is alarmingly advanced.
Once these scammers have infiltrated your myGov account, the potential damage they can inflict is significant. This should serve as a stark reminder of the importance of vigilance.
How Does This Happen?
Unfortunately, humans are often the weakest link in these scams. Tax-related scammers commonly use:
- Fake warnings about attempted attacks on your account prompting you to click a link and confirm your details.
- Opportunistic baiting with the promise of a reward, like a tax refund, which requires you to click a link to claim it.
- Mimicked notifications from the ATO, such as a new message accessible via a link.
By March 2024, around 75% of all email scams reported to the ATO were tied to fake myGov sign-in pages.
How to Spot a Fake
The first sign of a problem is often an alert about suspicious activity on your myGov account or a change in your details. Ironically, these alerts may be how scammers gained access in the first place. However, there are a few key things to look out for:
- The ATO, Centrelink, and myGov never use hyperlinks in their messages. If you see one, it’s a scam.
- The ATO won’t use QR codes to access your account.
- They will never ask for your tax file number (TFN), bank details, or myGov login info via social media. Scammers often impersonate the ATO or other government agencies to collect your details on social media. The ATO will never send you a direct message on social media. As ATO Assistant Commissioner Tim Loh says, “It’s like giving a stranger your house keys and watching them change the locks.”
- You’ll never receive a pre-recorded message from the ATO about outstanding tax debt. Nor will they cancel your TFN.
- The ATO will not set up a conference call between you, your tax agent, and law enforcement.
Always log directly into your myGov account to check messages rather than clicking on links. Never, under any circumstances, log in using free public Wi-Fi.
Who Is Getting Scammed?
There’s a common belief that older, less tech-savvy people are the most vulnerable. While that’s true to an extent, scammers target all age groups. The ATO reports that those aged 25-34 are the most likely to have handed over personal information to scammers.
Interestingly, younger Australians are also more likely to fall victim to investment scams. The AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) found that people under 50 are now the most frequent victims of such scams. Australians lost $382 million in the 2023-24 financial year – nearly half of the losses involved cryptocurrency.
Other Types of Scams
Scammers are always looking for ways to take money from you. Here are a few more scams to be aware of:
- Investment Scams
“Pig butchering” scams involve scammers building a close relationship with victims over weeks or months via social media or messaging apps. They then convince the victim to invest in what appears to be legitimate markets like shares or cryptocurrency. In reality, the funds are funnelled into fake platforms owned by scammers, who disappear with the money once they’ve squeezed out as much as possible.
- Deepfakes
Scammers use artificial intelligence to create compelling fake videos or images of celebrities or public figures, promoting fraudulent investment schemes. These can be hard to spot, but unusual pauses or odd facial movements can be a giveaway.
- Invoice Scams
Scammers hack into business systems, using legitimate business names and details to send fake invoices. When paid, the money goes straight to the scammer.
- Bank Scams
Scammers impersonate bank representatives, calling victims to say there’s a problem with their account and instructing them to transfer money to a “safe” account – which belongs to the scammer. Many victims are tricked because the scammer has access to enough personal information to seem legitimate.
Remember, your bank will never ask for account details via email or text message and will not ask you to transfer funds into another account for security reasons.
What to Do if You’ve Been Scammed
If you think you’ve fallen victim to a scam, act fast:
- myGov Scams: If you’ve downloaded a fake myGov app, given your details to a scammer, or clicked a suspicious link, contact the Services Australia Scams and Identity Theft Helpdesk on 1800 941 126.
- Tax Scams: Before following any suspicious instructions, contact us to verify the information. If you’ve already acted, contact the ATO to report or verify a scam on 1800 008 540.
If you believe any of the scams mentioned above have targeted you or have concerns about the security of your accounts, we are here to help. Your financial security is of utmost importance to us, and we are committed to providing you with assistance and guidance. Please reach out to our team at your earliest convenience so we can work together to ensure the safety and integrity of your financial information.