Tax season can be stressful for many people – and this stress can make you more vulnerable to scammers, who strike at the end of the tax year, hoping to gain an advantage at your expense.
There are unfortunately many different ways that scam artists can trick both individuals and small businesses into parting with their hard-earned money at the end of the financial year. So it literally pays to be aware of the most common tricks, as well as some of the new and creative ways these criminals will try to get a foot in the door.
Here are some of the most common methods in play right now:
Multifactor Authentication (MFA) email scam
Scammers are emailing people advising them that due to ATO security updates, they are required to update the multifactor authentication (MFA) on their ATO account.
The scam email includes a QR code which takes you to a fake myGov sign in page, designed to steal your myGov sign in details.
The ATO will never send you an email with a QR code or a link to log in to their online services.
If you receive an email like this, do not scan the QR code, click on links, open attachments or download files. Forward the email to reportscams@ato.gov.au, and then delete it.
myGov Email Impersonation Scams
ATO-branded emails containing links to fake myGov websites are the scam most commonly reported by the community. Approximately 75% of all email scams reported to the ATO in the 6 months prior to February 2024 linked to a fake myGov sign in page.
Scammers use fake myGov websites to steal your sign in credentials and gain access to your myGov account. Once the scammer has access, they can make fraudulent lodgments in your name and also change bank details so that any payments are redirected to the scammer's account.
Scammers use different phrases to trick people into opening these links. Some examples are:
- 'You are due to receive an ATO Direct refund'
- 'You have a new message in your myGov inbox – click here to view'
- 'You need to update your details to allow your Tax return to be processed'
- 'We need to verify your incoming tax deposit'
- 'ATO Refund failed due to incorrect BSB/Account number'
- 'Your income statement is ready, click on the link to view'
SMS and email scams – cryptocurrency
Scammers pretending to be from the ATO are telling people they are suspected of being involved in cryptocurrency tax evasion. They are then asking them to ‘connect their wallet’ and provide detailed information via a link.
If you receive an SMS or email like this, don’t click on the link. It will take you to a fake myGov log on page, designed to steal your personal information.
ATO social media impersonation accounts scam
There are an increasing number of fake social media accounts impersonating the ATO, its employees and senior executive staff across Facebook, Twitter, TikTok, Instagram and other platforms.
These fake accounts ask users who interact with the ATO to send them a direct message so they can help with their enquiry.
The people behind these fake accounts are trying to steal your personal information, including phone numbers, email addresses and bank account information.
Be aware – and take action
All calls, messages and emails of this kind should be treated with extreme caution. The ATO, Centrelink, banks and financial institutions will never contact you to request verification of personal details for any reason, including tax returns.
Do not click on any link in the message or email, or call a phone number provided by the email.
If you are unsure about the authenticity of a phone call, text message or email, hang up the call, ignore the message, and contact the official company communication line to verify.
If you have provided a scammer with funds or personal details, immediately notify the relevant institution (your bank, the ATO or police authorities) about your compromised personal details to receive prompt and relevant advice.
SMS phishing scams
There has been significant growth in the use of SMS by cybercriminals. Cybercriminals often use hyperlinks in targeted SMS phishing scams. The hyperlinks take individuals to highly sophisticated fraudulent websites (such as a fake myGov sign in page) designed to steal personal information or install malware.
The Australian Tax Office (ATO) paid out more than half a billion dollars to cyber criminals between July 2021 and February 2023, according to an ABC report.
The ATO is in the process of removing hyperlinks from all outbound unsolicited SMS by Tax Time 2024. This will help protect the community by making it easier to identify legitimate ATO SMS interactions.
How to identify official correspondence from H&R Block
All official H&R Block correspondence will come from the email domains and SMS numbers listed below. These may change over time, so if you receive something from a different domain or number, please contact us immediately to verify its authenticity.
Email domains used by H&R Block:
- @hrblock.com.au
- @e.hrblock.com.au
- @feedback.hrblock.com.au
SMS numbers used by H&R Block:
- +61488884960
- +61418840223