As of November 2024, there has been a surge in scams impersonating the Australian Taxation Office (ATO) and exploiting the recent transition from myGovID to myID. These fraudulent activities aim to steal personal information and can lead to significant financial loss.
Understanding the myGovID to myID Transition
On 13 November 2024, the myGovID app was rebranded as myID, featuring a new name and look but maintaining the same functionality. Users are not required to set up a new myID or reconfirm their details due to this change. Any unsolicited requests prompting such actions are scams.
Common Scam Tactics
Scammers are employing various methods to deceive individuals:
- Phishing Emails: Fraudulent emails claiming to be from the ATO or myGov inform recipients of recalculated taxable income and promise compensation. These emails request personal details such as payslips, Tax File Numbers (TFN), driver’s licence, and Medicare information.
Australian Taxation Office - Fake Verification Requests: Messages urging users to reconfirm their details due to the myID transition, directing them to counterfeit myGov sign-in pages designed to harvest login credentials.
Australian Taxation Office - myGov account hacking: We are hearing reports of people’s myGov accounts getting hacked, bank account details getting changed to the hackers and then they are lodging new or amended Tax Returns with false information to get refunds issued direct to the hackers.
Red Flags to watch out for include:
- Email coming from “unusual address”. You can also hover your mouse over the “From:” email address to see the underlying email address to make sure it is really coming from whom it appears to be coming from. Be careful of minor difference like ATO.gov.au not ATO.com.au;
- The ATO obviously won’t be “forwarding” you emails “Sent from my iPhone”;
- Embedded links – you can hover your mouse over links to see the real URL they are taking to you. Either way, never click on the links – always go to your browser and log in to the apps from there.
- The time stamp on the email– eg does that person normally email you at 3am?
- Is the email something you were expecting?
- Are they expressing some sort of urgency eg “You must login in now to review your account and pay the overdue tax immediately”.
- Bad spelling and/or bad grammar – although with the rise of AI like ChatGPT these aren’t as obvious as they once were.
Protective Measures
To safeguard yourself against these scams:
- Do Not Click on Suspicious Links: The ATO will never send unsolicited messages containing hyperlinks. Avoid clicking on links or downloading attachments from unexpected emails or SMS messages.
- Verify Communications: Access legitimate ATO communications through the official ATO online services by logging into your myGov account. If you need more clarification about the authenticity of a message, contact the ATO directly at 1800 008 540 or give us a call!
- Protect Personal Information: Never provide personal details such as TFN, bank account numbers, or myGov login credentials via email, SMS, or social media platforms.
- Improve your myID identity security level and set up two factor authentication.
Reporting Scams
If you encounter a suspicious message or believe you’ve been targeted:
- Report to the ATO: Forward scam emails to [email protected] or take a screenshot of scam SMS messages and email them to the same address.
Australian Taxation Office - Contact ATO Support: If you’ve provided sensitive information or suffered financial loss, immediately contact the ATO at 1800 008 540 and inform your financial institution.
Australian Taxation Office - Let us know!
Staying informed and vigilant is crucial in protecting yourself from these scams. Always access government services through official channels and be cautious of unsolicited communications requesting personal information.