How to spot Phishing Emails posing as ATO
Tax season is here, and with it, there’s been a noticeable uptick in phishing emails. These scams, often pretending to be from the Australian Taxation Office (ATO), aim to get hold of your personal and financial information. At MKG Partners, your security is our priority. This guide is here to help you spot these sneaky emails and know what to do if you come across one.
What is Phishing?
Phishing is a cybercrime where scammers use emails or text messages to trick individuals into revealing personal information such as passwords and credit card numbers.
The Risks of Phishing Emails
Phishing emails aren’t just annoying—they can put your business at risk. If you fall for one, scammers can access your bank accounts, steal your identity, and even file false tax returns in your name. The good news is, spotting these emails is easier than you think.
Spotting a Phishing Email
Be Mindful of Suspicious Email or SMS Subject Lines
Keep an eye out for subject lines like: ‘Immediate Action: You Owe Tax’, ‘Important: Tax Refund Awaits’, ‘Alert: Missing Tax Return’
The ATO will not use sensational or alarming language to get you to act rashly. If you see such subject lines, it’s best to approach the email or SMS with skepticism.
Example of a phishing email impersonating the ATO. Source: Australian Taxation Office
Check the Sender
When you receive an email claiming to be from the Australian Taxation Office (ATO), the first line of defense is to verify the sender’s email address. Legitimate emails from the ATO will come from a verified domain that typically ends in ‘.gov.au.’ Don’t just rely on the display name; take a moment to hover your cursor over it or click to reveal the full email address. This is essential because scammers often use addresses that might appear trustworthy at first glance but show irregularities upon closer examination.
Additionally, be especially wary of emails that state they are ‘sent on behalf of’ a legitimate ATO email address. Cybercriminals are getting craftier, employing this tactic to make an email appear as if it is from a trustworthy source.
Example of a questionable email impersonating the ATO. Source: Scam Watch
Our staff received another phishing email of this kind. While the name displayed suggests that it comes from our own domain, a closer examination of the email address reveals that it originates from ‘noreply@praxischool.com,’ with which MKG has no association.
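The sender checks described in this section can also be run automatically over a message's raw headers. The following is an added example, not part of the original guide; the sample headers, the `.example` domains, the `noreply@ato.gov.au` address and the finding names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display-name wording a message posing as the ATO would use.
ATO_CLAIM = re.compile(r"\bato\b|australian taxation office", re.I)
EMBEDDED_ADDR = re.compile(r"@([\w.-]+\w)")


def domain_of(address):
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def is_gov_au(domain):
    # Suffix match on a label boundary: 'ato.gov.au.example' must not pass.
    return domain.endswith(".gov.au")


def check_sender(raw_message):
    """Return the sender findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []
    # 1. Display name says ATO, real address is not under .gov.au.
    if ATO_CLAIM.search(name) and not is_gov_au(from_domain):
        findings.append("ato-name-non-gov-domain")
    # 2. Display name shows an address on a different domain than the real one.
    shown = EMBEDDED_ADDR.search(name)
    if shown and shown.group(1).lower() != from_domain:
        findings.append("display-name-address-mismatch")
    # 3. 'Sent on behalf of': Sender header names a different domain than From.
    sender_domain = domain_of(parseaddr(msg.get("Sender", ""))[1])
    if sender_domain and sender_domain != from_domain:
        findings.append("sent-on-behalf-of")
    return findings


# Constructed sample headers (not real messages).
SAMPLES = {
    "lookalike": 'From: "ATO Refunds" <refund@ato-gov.au.example>\nSubject: x\n\nbody',
    "own_name": 'From: "accounts@ourfirm.example" <noreply@unrelated.example>\n\nbody',
    "behalf": "From: ATO <noreply@ato.gov.au>\nSender: bulk@mailer.example\n\nbody",
    "clean": "From: ATO <noreply@ato.gov.au>\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A finding is a prompt to look closer, not a verdict: some legitimate mailing services also set the Sender header to their own domain, and a From address that passes these checks does not by itself prove the message is genuine.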
Watch Out for Tricky Links
A legitimate email from the Australian Taxation Office (ATO) will not include hyperlinks that direct you to log in to your online services. Cybercriminals often use these “link traps” as a way to capture your login information or to lead you to a fake website where you might unknowingly enter sensitive information.
Always be cautious when an email asks you to click on a link to log in, especially if you didn’t expect to receive an email from the ATO. Instead, access your account by typing the official ATO website URL directly into your web browser. This ensures that you’re logging into the genuine site and keeps your information safe.
Pay Attention to the Language
If you receive an email claiming to be from the Australian Taxation Office (ATO) that uses aggressive language, threatens legal action, or demands immediate payment, be cautious. Genuine communications from the ATO will not use scare tactics to get you to take quick action without thinking. These threatening messages are often a hallmark of phishing emails designed to make you act hastily and potentially compromise your personal or financial information.
Practical Steps to Take
- Avoid Clicks and Downloads: Don’t click on any links or download files from suspicious emails.
- Confirm with the ATO: If you’re not sure, call the ATO directly at 1800 008 540 to verify any claims made in the email.
- Report Suspicious Activity: Forward any dodgy emails to ReportEmailFraud@ato.gov.au.
Boost Your Security
Two-Step Verification
Always use two-step verification for your online accounts like myGov. It’s an extra layer of security that can help keep your information safe. When enabled, you’ll be required to enter a second form of identification—typically a code sent to your mobile device or email—before you can access your account. This makes it much harder for unauthorised users to gain entry, even if they’ve obtained your password.
Educate Your Team
Empower everyone in your business to recognize phishing emails. Learn more about how to verify and report scams on the ATO website.
Check ATO Scam Alert
Regularly visit the ATO Scam Alerts website for the most current information on phishing scams targeting businesses and individuals.
What to do if your information is breached
If you suspect that your personal or financial information has been compromised, the first step is to alert your bank or financial institution right away.
If you believe your Tax File Number (TFN) has been compromised, act immediately: contact the Australian Taxation Office (ATO) at 1800 467 033 to report the breach. They can guide you through the process of securing your TFN and can also provide advice on other steps you should take.
Additionally, it’s crucial to report the incident to the Australian Competition and Consumer Commission (ACCC) through their ‘Report a Scam’ page. This both alerts the public to existing scams and helps authorities take possible action. When reporting, make sure to include any evidence you have, such as emails or screenshots.
With scammers getting increasingly creative, staying vigilant has never been more critical. Always be cautious and scrutinise any unsolicited communications, especially during tax season. If you ever have questions or uncertainties, MKG Partners is just a call away. Your safety is our priority.