This Scams Awareness Week, detectives from the Cybercrime Squad are urging Victorians to be vigilant of scammers targeting myGov sign in details to commit tax fraud.
Scammers are attempting to fraudulently access linked government services during the annual rush to complete tax returns, before either generating fraudulent payments in the victim's name, or redirecting tax refunds to be paid into their own accounts.
Since 30 June of this year, Victoria Police has received over 300 reports, with a total reported loss of at least $2M so far.
Scammers use a variety of methods to compromise their victims' identities, including sending phishing email and SMS scams to impersonate government agencies.
These scams can contain links to fake myGov websites. Victims will be prompted to enter their details, unknowingly giving criminals access to their genuine myGov accounts linked to their ATO accounts. Once they have access, scammers are able to pose as the victim in order to commit fraud.
Scammers will use the cover of events such as annual tax time to lure potential victims. Common phrases currently being used by scammers include:
• 'You are due to receive an ATO Direct refund'
• 'You have a new message in your myGov inbox - click here to view'
• 'You need to update your details to allow your Tax return to be processed'
• 'We need to verify your incoming tax deposit'
• 'ATO Refund failed due to incorrect BSB/Account number'
• 'Your income statement is ready, click on the link to view'
Once the offenders have gained access to an account, they will often change phone and email contact details which can prevent the real user from receiving any notifications. They will then amend a tax return or other government payment, redirecting the funds to be paid into their own account.
Since 30 June of this year, Victoria Police has received:
• 180 reports of government payment redirection,
• 66 reports of unauthorised online account access (ATO or myGov),
• 48 reports of myGov SMS impersonation, and
• 15 reports of identity takeover (myGov account)
The 309 reports thus far equal a total reported loss of $2,056,841.
There are a number of steps users can take to protect themselves:
• Never click on a hyperlink that has been texted or emailed. The ATO and myGov won't send you an SMS or email with a link to access online services - always access these directly by typing ato.gov.au or my.gov.au into your browser.
• Use a Digital ID, such as myGovID, to access ATO online services through myGov and set your online access strength to the highest level you can achieve
• Enable multi-factor authentication where possible.
• Consider setting up a passkey such as facial or fingerprint recognition.
If you suspect someone is using your tax information illegally or has stolen your personal identity documents, contact the ATO as soon as possible on 1800 467 033. They will explain the safeguards that need to be applied to keep your ATO account safe.
Call Services Australia's Scams and Identity Theft Helpdesk on 1800 941 126 if you've:
• opened a link in a suspicious text message, email or social media message that pretending to be from Services Australia or myGov.
• given someone your myGov sign in details or other personal information.
• visited a website or downloaded a fake app that that pretended to be Services Australia or myGov.
Report any suspicious contact claiming to be from the ATO to [email protected].
There's more information about myGov scams and what to do if you have been affected by one at myGov scams | myGov
Scams that are not impersonating the ATO, myGov or a Services Australia brand can be reported to Report a scam | Scamwatch
Quotes attributable to Detective Senior Sergeant John Cheyne, Cybercrime Squad:
"We're encouraging everyone to be hypervigilant when it comes to scams such as these. Never click on a link sent to you that is purporting to be from the Australian Taxation Office or myGov, they will never ask you to access any online services via a link.
"Make sure you access your accounts through legitimate apps or via independent searches.
"We're also finding that victims are ignoring what are actually legitimate texts from organisations indicating their accounts have been accessed, thinking they are scams. If you receive a text like this, log in to your account via a legitimate app or an independent search and make sure everything is as it should be. Change your password and phone the ATO helpline if necessary.
"We'd also recommend you conduct a bi-yearly health check of your accounts. Check your credit score or log in to your myGov account to make sure no edits have been made throughout the year that weren't done by you.
"Account compromises such as these are often not identified until months after they've occurred, when the victim next logs in to their account.
"We encourage anyone who has been subject to a scam such as this to speak to police."
Anyone with any information on scam activity is urged to contact Crime Stoppers on 1800 333 000 or make a confidential report at www.crimestoppersvic.com.au