Cyber Alert – Tax Time

Watch out for the “tax man”

The recent passing of 30 June, means it is that time again, in which we attempt to gather together our receipts and records in order to complete a tax return. For a lot of us this also means expecting a nice tax refund payment in the coming weeks.

During this time, one could expect to be contacted by the Australian Taxation Office (ATO) seeking confirmation or supporting documentation in relation to a claim submitted. Unfortunately, this is one of the ways scammers are targeting vulnerable individuals for their money and personal information.

Phishing emails remain a popular tool for scammers to utilise, however these types of attacks are not limited to email communications and there is a need to be even more vigilant to suspicious phone calls, text message communications and approaches via social media platforms.

Scam emails are designed to look like they are sent from the ATO, however may include subtle inconsistencies in the messaging.


What are the types of scams and key red flags to look for?


  • Be wary of unsolicited calls (these may appear as a private number or an Australian number)
  • Some calls may be a prerecorded message
  • Threatening or abusive behaviour is an immediate red flag


  • Illegitimate email addresses
  • Not addressed to you by name
  • Grammatical/spelling errors
  • Offering money
  • Requesting the download of files or clicking of links

Text message

  • Appears to be sent from a contact called the ‘ATO’
  • Message may contain hyperlinks to fake websites and log-in pages
  • Offers the recipient access to their refund
  • Requesting TFN and bank account details

Social media

  • Contacted by an account appearing to be the ‘ATO’ via messaging applications
  • Requesting recipient to click on a link or open a downloadable file
  • Requesting TFN and bank account details


What to look out for to help protect yourself from these types of scams?

1. Is the communication abusive or threatening?

You will not be subjected to abusive communication from the ATO nor should any communication contain threats against you or your family.

2. Is the communication seeking immediate payment from you?

While the ATO may seek payment from you in relation to a legitimate tax debt, you should note that you will never be asked to:

  • transfer money to an account with a BSB not held with the Reserve Bank of Australia;
  • pay via gift cards, prepaid cards or any other unusual payment method; or
  • provide payment in order to receive a tax refund.

3. Is the communication seeking personal information via email, text message or social media?

The ATO will not message you via email, text message or social media requesting your personal information, tax file number or credit card details.

4. Does it sound too good to be true?

Recent scams have also been providing recipients with options to access their superannuation early or financial incentives through investment opportunities.

5. Does the email contain links that request personal information?

Even if the email appears realistic be cautious of any link you click on. Phishing web sites often copy the entire look of a legitimate web site, such as the ATO, making it appear authentic. To be safe, call the ATO first to see if they actually sent the email to you.

Businesses should not request personal information to be sent via email.


Concerned about a scam?

If you receive any type of communication from someone you believe is impersonating the ATO, there are a number of options available including:

  • Contact the ATO by phone on 1800 008 540 to verify the contact you received is legitimate.
  • Forward any suspicious email to – however do not click on any links or attachments.
  • Delete the communications immediately.

If you have any concerns relating to information and/or money you may have provided to someone supposedly from the ATO the following steps are recommended:

  • If you have provided your TFN to a suspicious contact call the ATO’s Client Identity Support Centre on 1800 467 033.
  • If you have made a payment to a suspicious contact, make a report to the police and your financial institution.

Scam websites are designed to look legitimate. It is often common for scammers to replicate legitimate websites to entice persons to disclose their personal and financial information.


Wade Garrard

Wade Garrard
Senior Manager, Brisbane
T: +61 7 3333 9826
E: wgarrard