This end of financial year, look out for tax refund phishing scams
View radar online
Added: August 2013
SCAMwatch and the Australian Taxation Office (ATO) are urging consumers and small businesses to be aware of tax refund email scams, with scammers taking advantage of the busy nature of tax time to target you.
A new phishing email claiming to be from the ATO is currently circulating that claims you are entitled to a tax refund. All you have to do is click on an embedded link and complete an online form. But watch out – the online form and link are fake, and are designed to steal your personal information or infect your computer with malware.
Scams are increasingly sophisticated these days, with scammers creating slick websites and forms that look like the real deal. These sites may in fact be mirror images of the ATO's official site, with scam forms designed to be quick and easy to fill out. You may even find a web button that appears to link to your bank or financial institution, when in fact it will send you to another scam site asking for your log-in details or personal information.
You might be busy at tax time, but don't lower your guard to scams. The ATO will never email asking you to confirm, update or disclose confidential details like your tax file number, passwords or credit card details.
How these scams work
- You receive an email out of the blue from someone claiming to be from the ATO, informing you that you are entitled to a refund.
- The email may appear to come from an official part of the ATO such as the 'Tax Refund Department', Tax Refund E-Portal, or Australian Taxation Office Online eTax.
- The email may also appear to be from an official ATO email address such as 'payroll.invoices @adp com', 'Taxrefund @portalservice .au', or 'refundsato.gov.au'.
- In order to claim your refund, the email instructs you to confirm, update or disclose personal details by completing an online form.
- To access the form, you must open an embedded link or an attachment.
If you open the link or attachment, your computer may be infected with malicious software.
If you fill in the form, you are handing over your personal details to a scammer, who may then use it to steal your identity and money.
Protect yourself
- If you receive an email from out of the blue from someone claiming that you are entitled to a refund – just press 'delete'.
- If you're not sure whether an email is a scam, verify who they are by using their official contact details to call them directly. Never use contact details provided by the sender – find them through an independent source such as a phone book or online search.
- Watch out for tell-tale signs – whilst the sender may claim to be from an official source, their email may contain spelling mistakes or use poor grammar.
- Never click on links or open attachments in an email from an unverified sender – they may contain a malicious virus.
- Keep your computer secure – always update your firewall, anti-virus and anti-spyware software, and only buy from a verified source.
- If you think you have provided your tax file number to a scammer, contact the ATO immediately.
If you want to update your tax details online, visit the ATO's official website: www.ato.gov.au.
Report
If you think you have received a scam claiming to be from the ATO or about tax, report it to the ATO by emailing ReportEmailFraud@ato.gov.au, or call 13 28 61 (individuals) or 13 28 66 (businesses).
You can report scams to the ACCC via the SCAMwatch report a scam page or by calling 1300 795 995.
More information
Check out examples of tax scams on the ATO website and the phishing scams page of SCAMwatch.
Stay one step ahead of scammers – follow @SCAMwatch_gov on Twitter or visit http://twitter.com/SCAMwatch_gov.
You have received this email because you have subscribed to receive SCAMwatch radar alerts on scams targeting Australians. These alerts are issued by the Australian Competition and Consumer Commission and can be viewed on its SCAMwatch website http://www.scamwatch.gov.au/.
If you have any doubts about an email's source, verify the sender by independent means - use their official contact details to check the email is legitimate before clicking on links or opening attachments.
If you no longer want to receive SCAMwatch email alerts, please unsubscribe on the SCAMwatch website.