Tax time can be an exciting period for many individuals as it presents the opportunity for a tax refund. However, it is also a prime time for scammers who seek to deceive unsuspecting victims and steal their money.
In Australia, scams result in significant financial losses each year. In 2023, Australians reported losses exceeding A$2.7 billion, although this figure represents a slight decrease from the previous year’s losses of $3.1 billion. Despite the reduction, there are still millions of victims who have suffered at the hands of fraudsters.
One prevalent type of scam is impersonation scams. According to Scamwatch, 70% of reported scams in 2023 involved impersonation. Many of these scams were associated with the Australian Taxation Office (ATO) and myGov.
Impersonation scams occur when offenders pretend to be someone or something they are not. They may pose as family members, friends, banks, well-known retailers, or government departments like the ATO. By adopting the identity of a trusted organization, scammers increase their chances of success, as people are more likely to engage with familiar entities.
The ATO holds a powerful status as a government agency, and individuals are unlikely to ignore its messages, particularly during tax time. Scammers exploit this by impersonating the ATO and targeting individuals through their myGov accounts.
myGov serves as a gateway to various government services, including Medicare, Centrelink, My Health Record, the National Disability Insurance Scheme, and the ATO. Gaining access to someone’s myGov account provides scammers with a wealth of personal information, enabling them to potentially commit identity theft or engage in direct fraud. Offenders can change bank account details, redirect refunds, and even submit false tax returns or medical claims to obtain fraudulent funds. As the legitimate account owner, individuals may not immediately detect these fraudulent activities.
Recent reports have highlighted instances of repeated login attempts on people’s myGov accounts, indicating potential scamming activities.
A myGov scam typically resembles a phishing attempt, which individuals encounter frequently. While the wording may vary, the objective remains the same: to acquire personal information. Scammers send text messages and emails pretending to be from the ATO, claiming that a refund is available if the recipient clicks on a provided link. They may also create a sense of urgency by flagging a problem with the recipient’s tax return or bank account and urging immediate action through a link. Another tactic involves sending a neutral message stating that a new message awaits the recipient, accompanied by a link.
Regardless of the message’s content, the goal is to direct individuals to a fake website that appears genuine. If individuals enter their myGov details on such a site, scammers can capture their login information and access their actual myGov accounts.
If someone falls victim to a myGov scam, there are steps they can take to mitigate the damage. They should change their password and review their account settings if they still have access to their myGov account. Checking bank accounts for any suspicious transactions or withdrawals is crucial, and individuals should contact their bank or financial institution immediately if they notice any unauthorized activities. It is also advisable to reach out to any other organizations linked to the myGov account to determine if any unauthorized actions have occurred. For individuals who have experienced identity crime and lost personal information, IDCARE, the national support center for identity crime victims, can provide personalized assistance and a response plan.
To safeguard their myGov accounts, individuals should refrain from clicking on links in text messages or emails that prompt them to log in. Instead, they should independently access their accounts using information obtained separately from any text or email. Reviewing security settings is essential, as there have been reports of repeated login attempts on myGov accounts. Using a unique eight-digit myGov username for logging in can be safer than using an email address. Enabling multi-factor authentication, such as receiving a text message code in addition to an online login, adds an extra layer of protection. It is crucial to remain vigilant when it comes to all communications, as not everything may be as it seems. Individuals should be skeptical and conduct their own checks to verify the authenticity of presented information.
It is important to openly discuss and raise awareness about these scams with family and friends. By breaking the silence and shame surrounding these schemes, individuals can increase their knowledge and protect themselves and others from falling victim to fraudsters.