One of the unintended consequences of ATO’s aggressive war on tax fudgers and dodgers has been the increase in tax scams. Preying on taxpayers’ fear of costly tax audits and penalties, the scammers are using emails, phone calls and text messages to dupe people into paying them vast sums of money.
They obtain taxpayers’ personal details and use a mix of social engineering and bully tactics to try and dupe Australians into handing them over their personal data, banking details and Tax File Numbers. They will subsequently use these details to scam either the taxpayer or the ATO with fraudulent claims and tax refunds. In 2017 alone, there are more than 81,000 tax scam reports.
Social engineering and phishing scams
Scammers generally target unsuspecting public just around tax time when tax matters are likely to be uppermost in people’s minds. They may target users through email or phone calls and often the story will be the same. They will present themselves as ATO officials following up on unpaid taxes or some tax fraud. To make the ruse as convincing as possible, they may even impersonate some high ranking ATO official or quote some tax regulations.
How do they steal your money?
The scammers want to gain your confidence so you can lower your defenses and divulge to them sufficient personal financial details that will make it possible for them to steal your cash. They will give you a fake ATO bank account where you can wire your money or they may even ask you to send payments via bitcoins or Western Union!
Most of the time, your personal details will be sufficient enough to enable them lay their hands on your money. Once they have obtained enough information from you, they will be able to do any of the following with it:-
- Gain access to your bank account
- Lodge BAS statements or false tax returns in your name
- Access your superannuation account
- Take loans in your name
- Gain access to employee or client records
- Lay claim to Centrelink and other government benefits
What to look out for
The easiest way to ward off these tax scams is to be vigilant and most importantly, skeptical. Avoid clicking on links or URL on emails purporting to be from the Australian Taxation Office. Don’t provide any personal details or passwords online.
If you wish to confirm anything online, log on independently onto the ATO website instead of clicking a link in an email. Most of the time when there is an ATO communication, you will find the notices posted on its website.
Whenever you receive an official-looking SMS or email, take your time to verify it independently through a simple web search before responding. Businesses, particularly, have to be extra cautious during tax time. Many of them have lost millions through the business compromise email scams where sophisticated scammers hijack business email communications and post a request for payment to the scammers’ bank accounts.
Businesses can also be targeted through Ransomware. It might arrive in your inbox clothed in an official-looking ATO communication but once you click it, the malicious software will infect and take control of your systems, completely locking you out. You will not be able to login back into your systems until you pay a ransom, usually in form of cryptocurrencies. Some Ransomware will threaten to publish your private data unless you pay a certain amount. They are so rampant that 50% of Australian companies have been hit so far.
The top tax scams targeting Aussies
The main tax scams that many Australians usually fall for include the following:-
The Australian Securities and Investments Commission (ASIC) Scam
The ASIC scam is one of the oldest financial scams in Australia and typically peaks around tax time. You will receive an email purportedly from ASIC notifying you of a renewal letter that you are supposed to submit or a fine that you are have to pay.
Not only is the letter official-looking enough to fool many people, it also has hints of business and tax matters just around tax time. If you are already engrossed in tax matters at this time, it is very easy to drop the ball and assume this one of the many tax-related obligations that you need to file promptly to avoid penalties.
The ASIC scam occurs mainly in the form of mass phishing attacks on Australian taxpayers. It includes a bogus link to a fake renewal letter. It also contains a second dubious hyperlink spelling out the website URL which may deceive many users while in the real sense, the URL is bogus.
MyGov Correspondence Scam
This is another common scam that peaks around tax time preying on taxpayers’ vulnerability at this point on time. The scammers prey on your fallibility at this time because you are probably in a hurry, are handling a lot of tax matters so your mind is fixated on taxes and you are probably working round the clock to avoid ATO penalties. So when you receive that email from a “tax official”, it becomes almost like a self-fulfilling prophecy and the target easily falls for the scam.
The email includes fake recipients and the domain name looks almost legit. They use what is called domain name typosquatting where they register a domain name that is very similar to that of a real website. Only one letter will be altered or they will use a different domain name extension such as a .net instead of a .gov.au. The rest of everything including the websites, templates and logos are almost a perfect clone of the real deal. They even have the MyGov landing page that from a casual look, appears completely legitimate. This technique is called phishing.
Through this clone website, the scammers will begin luring their victims via an email that they claim to come from Medicare. When a user enters their login details to the page, they are asked to also provide their secret security question and answer and are then redirected to a bogus Medicare website where they are asked to provide their banking details. The instructions specifically ask them to update their Electronic Funds Transfer (EFT) details. These details will subsequently be used to steal your money. The best defense against this kind of scam is to simply be more vigilant.
Commonwealth Bank Scam
The Commonwealth Bank scam has also been quite rampant around tax time and like the previous scams, they use bogus phishing emails and text messages. The scammers ramp up their activity around text time when the public is too engrossed in tax matters to perform serious due diligence on suspicious communications that might appear genuine. Many are caught off-guard and end up losing lots of money.
They will send you an email or SMS notifying you that financial details that may be useful in filing your tax returns are available. They will use a phishing emails that is very similar to genuine emails. Only the email differs but if you aren’t keen, you won’t pick that either. The attachment may contain malware or direct you to other phishing websites where they will likely solicit your personal financial details. This scam is not just limited to Commonwealth Bank. Consumers are receiving emails purportedly coming from various other financial institutions that they may have accounts with.
The ATO scams are probably the most numerous and the Tax Office is accordingly taking measures to warn consumers about these scams. They use all kinds of techniques ranging from emails to SMS and phone calls. There are various types of ATO scams that you may be targeted with such as ATO impersonation scams, fake tax refunds, voicemail scam, tax refund review scams, tax form scams, online activity statements scams and tax refund review scams among others.