After logging into your myGov account, you find that your activity statements have been amended for the past 12 months, and a GST credit of $100k has been issued. However, you did not receive this $100k refund in your bank account. What should you do now?

myGov accounts are being used to access personal data, bank accounts are being changed, and confidential information is being exploited to produce fraudulent refunds amounting to hundreds of thousands of dollars. The worst part is that scammers have gained access to your account. This issue extends beyond just activity statements, any myGov service related to payments or refunds is a target. Scammers exploit the amendment period in tax law to adjust current data and influence refunds for goods and services tax, personal income tax, and PAYG instalments. Once scammers have successfully accessed your myGov account, they can cause significant damage. So, how does this happen, and how can you spot it?

Common scams use emails or SMS that copy communication you might expect to see. The following are lines used by tax-related scammers:

  • Fake warnings related to attacks on your account, and requiring you to follow the link and confirm your details.
  • You may be offered some form of reward like a tax refund by clicking the link to confirm and access
  • Copying common administrative notifications from the ATO like a new message accessible from a link.

Around 75% of all email scams reported to the Australian Taxation Office in March 2024 were connected to a fake myGov sign-in page.

How to spot a scam?

The first sign that something is wrong is when you receive warnings about activity on your myGov account. However, there are ways to spot a scam:

  • The ATO, myGov, and Centrelink never use links in messages. In case, you receive a link, it’s a fake.
  • The ATO doesn’t use QR codes to access your account.
  • The ATO never ask for your tax file number, your myGov login details, or bank account details over social media. Some scammers use fake social media accounts copying the ATO and other Government agencies.
  • The ATO doesn’t use pre-recorded messages to notify you to outstanding tax debt.
  • The ATO will not cancel your tax file number. Some scammers suggest that your tax file number has been suspended or cancelled due to criminal activity or money laundering, and then ask you to either pay a fee to make a correction or send money to a ‘safe’ bank account to protect you against your corrupted TFN.
  • The ATO will not start a conference call between you and your tax agents and someone from a law enforcement agency. In this case, just disconnect the call.
  • The ATO will also not ask you to confirm your details again because of security updates to myGov. The hyperlink, when clicked, takes you to a fake myGov web page that may seem convincing.

Don’t log in to your myGov account on free wifi networks.

Who is getting scammed?

According to the ATO, people who provide personal information easily to scammers are 25 to 34 years old. The younger generation could fall for investment scams. According to the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3), people below the age of 50 are the most reported victims of investment scams. In the 2023- 24 financial year, Australians reported losing $382 million to investment scams. Nearly half (47%) of the investment scam losses involved cryptocurrency.

What are other scams?

  • Investment scams

    • Pig butchering is a trick where scammers use weeks or months to build a close relationship with their target victims on social media or messaging apps, before influencing them to invest in the share market, foreign currency exchanges, or cryptocurrency. Scammers create fake platforms that look the same as well-known cryptocurrency and trading websites to convince victims to invest more money. The scammers will disappear after extracting money.
    • Deepfakes are impersonations of real-life people created by AI technologies. Scammers create images, video ads, and news articles of celebrities to promote fake investment schemes, which can be sent through their messaging apps or social media feeds.
  • Invoice scams

The details and names of legal businesses are used to issue fake invoices with the money transferred to the accounts of a scammer. These scams are linked to cyber breaches where hackers access your systems and identify your suppliers.

  • Bank scams

There has been a lot in media about individuals receiving phone calls claiming to be from their bank, suggesting them there is an issue with their account, and then suggesting a solution that involves sending all their money to a ‘safe’ scammer account. Victims state that they believed the scammer because they have their personal information. Your bank will never send a text message or email asking for financial or account details.