Cybercriminals love tax time and know just how to exploit the surge in financial activity and communication with government agencies.
New research from the Commonwealth Bank shows that almost one in three Australians cannot spot tax-related phishing scams. The ATO and National Anti-Scam Centre predict a staggering 400% increase in scam activity during this end-of-financial-year period.
This alarming surge in cybercrime emphasises the urgent need for individuals and businesses to stay on high alert to counter these sophisticated cyber scammers.
Impersonation Scams on the Rise
The most prevalent scams involve impersonating the ATO or myGov via email, text message, or social media. These attempts often include emails that appear to be from the ATO, asking you to update your tax details. Clicking on the links in these emails leads to fake login pages that steal usernames, passwords, and other sensitive information.
The tactics these scammers employ are evolving and becoming more sophisticated daily. Meticulously crafted emails mirror official ATO correspondence, and counterfeit social media accounts display ATO branding. Even SMS messages can blend seamlessly into legitimate conversation threads from these organisations, making them incredibly difficult to identify as fraudulent.
MFA Phishing
Another concerning trend is the rise of multifactor authentication (MFA) phishing scams. This is when cybercriminals send emails claiming the ATO requires an ‘MFA update’ for your account. MFA is an extra layer of security that requires not only a password and username but also something only the user has on them, such as a physical token or a fingerprint. The scam email might include a QR code or link to a fake myGov login page. Falling for this scam could compromise your account credentials and personal information.
Fake Tax Refund and Lodgement Scams
In addition to impersonation scams, Australians should be wary of fake tax refund SMS messages and email scams related to tax lodgement. These deceptive messages may claim ‘you’re owed a refund’ or provide fake lodgement details, enticing you to click on malicious links or open attachments that expose your device to malware or phishing attacks.
The ATO has been clear: they will never send SMS or email messages containing links to log into online services or request personal information through these channels. Any such communication should be treated as a scam.
Invoice and Payment Fraud Risks
As businesses rush to settle invoices before the end of the financial year, cybercriminals are also taking advantage of this rush of activity. Deceptive emails may trick individuals or companies into paying fraudulent invoices, diverting cash into the hands of scammers.
Protecting Yourself from Cyber Stingers
To avoid falling victim to these tax season scams, it’s crucial to remain vigilant and follow best practices:
- Stop and think before acting on any unsolicited communication, especially those containing links or attachments.
- Verify the legitimacy of any communication by contacting the organisation directly through verified channels, such as their official website or phone number.
- Never provide personal or financial information in response to unsolicited emails, texts, or phone calls.
- Keep your software and security measures up-to-date to protect against the latest threats.
- Educate yourself and others on the latest scam tactics to stay one step ahead of cybercriminals.
By remaining cautious and proactive, Australians can safeguard their hard-earned money and personal information from cyber stingers.
Synergy Secure Internet, powered by Cisco, provides enterprise-grade security for SMEs. Coupled with the Cybersecurity Assessment Report, you can have powerful protection for your digital assets and cyber resilience. If you need more information on what cybersecurity measures are necessary to protect your business identity, contact our team at Synergy.
Recent Comments