Home / News / Client cyber safety: ATO fraudulent activity

Client cyber safety: ATO fraudulent activity

Client cyber safety: ATO fraudulent activity

Fraudulent cyber activity is on the rise in Australia, with a notable increase in scams targeting the ATO.  These scams often involve text messages, requests for personal information, and impersonation of myGov services, aiming to deceive clients and compromise their information.

Your myGovID

myGovID gives you access to online services with the Australian Tax Office (ATO), however, your
myGovID is not immune to identity crime.

More and more frequently, identity thieves are impersonating myGovID users, including our clients, and
gaining access to records with the ATO. This may result in incorrect tax returns being lodged or your
tax refunds being redirected to unauthorised accounts. In these instances, there has been a significant
and disruptive impact on our clients.

The ATO has advised that myGovID users need to increase the security of their myGovID. If you
have an Australian passport (expired no more than 3 years) you should verify it along with your photo.
Verifying your photo is a real-time, one-off face verification check that scans your face to check you’re a
real person, and verifies that you are the right person. This will increase your identity strength by
providing you with added security and access to more online services.

The ATO’s top tips for protecting your myGovID include:

  • Use a personal email address when setting up your myGovID. If you have already set up your myGovID with a business email address, you can change it here
  • Protect your personal email account. Use strong and secure passwords for your personal email account and protect it with multifactor authentication (MFA)
  • Keep your smart devices secure. Enable built-in security features in your device such as fingerprint or face recognition and do not leave your devices unattended.
  • Turn on notifications for myGovID. This can be done in the app settings to ensure
    you receive verification notifications when accessing online services
  • Check myGovID setups regularly. You can now view a summary of each time your
    myGovID has been set up. Information on how to view your set up history can be found here.
  • Protect your identity documents. Avoid storing images of identity documents or document/card numbers in any email folders.

Fraudulent transactions

To avoid fraudulent activity, and to make sure you are as safe as possible, we recommend that you use:

  • Secure, unique passwords for financial institutions as well as email services
  • Two-factor authentication and biometric authentication where possible (face ID, fingerprint scanner)

If you believe you have been the victim of fraudulent activity, we recommend the following actions:

  • Contact the police and the ATO Client Identity Support Centre (1800 467 033)
  • Report the fraud to the Australian Cyber Security Centre (ACSC)
  • Notify key organizations (banks, insurance, employers)
  • Monitor bank statements
  • Update all passwords
  • Add two factor authentication wherever possible
  • Consider a temporary credit freeze to prevent further fraud

All suspected fraudulent activity needs to be reported to the ATO immediately:

  • If the refund has not been transferred, we may be able to stop the bank transfer and lodge a replacement return
  • If the funds have been transferred, the remediation process becomes more complex – negotiations with the ATO become more involved and the outcome is dependent on the case and the amount involved.

Next steps

If you suspect the security of your myGovID has been compromised, you need to report this immediately by contacting the myGovID support line on 1300 267 538. If you have any addition concerns and would like to learn more about cyber security, speak with your local Nexia Advisor today.