You login to your myGov account to find that your activity statements for the last 12 months have been amended and GST credits of $100k
issued. But it wasn’t you. And you certainly didn’t get a $100k refund in your bank account. What happens now?
In what is rapidly becoming the most common tax scam, myGov accounts are being accessed for their rich source of personal data, bank
accounts changed, and personal data used to generate up to hundreds of thousands in fraudulent refunds. For all intents and purposes, it is
you, or at least that’s what it seems. And, the worst part is, you probably gave the scammers access to your account.
But it’s not just activity statements. Any myGov linked service that has the capacity to issue refunds or payments is being targeted. Scammers are using the amendment periods available in the tax law to adjust existing data and trigger refunds on personal income tax, goods and services tax (GST), and through variations to pay as you go (PAYG) instalments. In some cases, the level of sophistication and knowledge of how Australia’s tax and social security system operates is next level.
Once the scammers have access to your myGov account, there is a lot of damage they can do.
So, how does this happen and why is it so pervasive? Humans are often the weakest link.
Common scams utilise emails (78.9% of reported tax related scams in the last 12 months) or SMS (18.4% of reported scams) that mimic communication you might normally expect to see. The lines of attack used by tax related scammers are commonly:
Approximately 75% of all email scams reported to the ATO to March 2024 were linked to a fake myGov sign in page.
Often the first sign that something is amiss is alerts about activity on your myGov account or a change in details - which might seem a
little ironic if the way in which scammers got into your account in the first place.
In general, you should always log into your myGov account directly to check on any details alerted in messages rather than clicking on links. This way, you know that you are not being redirected to somewhere you should not be.
And, don’t log into your myGov account on free wifi networks. Ever.
There is a pervasive view that older, technology challenged individuals are the most at risk. And while this might be the case generally, scamming is impacting all age groups.
The ATO says that the demographic who most reported providing personal information to scammers was 25 to 34 year olds. And, the younger generation are more likely to fall for investment scams. According to the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3), people under the age of 50 are overtaking older Australians as the most reported victims of investment scams. Australians reported losing $382 million to investment scams in the 2023-24 financial year. Nearly half (47%) of the investment scam losses involved cryptocurrency.
Scammers are in the business of scamming and they will use every trick and opportunity to part you from your money.
Pig butchering. Pig butchering is a tactic where scammers devote weeks or months to building a close relationship with their victims on social media or messaging apps, before encouraging them to invest in the share market, cryptocurrency, or foreign currency exchanges. Victims think they are trading on legitimate platforms, but the money is siphoned into an account owned by the scammers, who created fake platforms that look identical to well-known trading and cryptocurrency sites. Scammers will show fake returns on these platforms to convince victims to invest more money. Once they have extracted as much money as possible, the scammers disappear with all the invested funds.
Deepfakes. Deepfakes are lifelike impersonations of real people created by artificial intelligence technologies. Scammers create video ads, images and news articles of celebrities and other trusted public figures to promote fake investment schemes, which can appear on social media feeds or be sent by scammers through messaging apps. Unusual pauses, odd pitches, or facial movement not matching their speaking tone are often giveaways but increasingly, the fakes are difficult to spot.
The names and details of legitimate businesses are used to issue fake invoices with the money transferred to the scammer’s account. These scams are often tied to cyber breachers where hackers have accessed your systems and have identified your suppliers.
There has been a lot in the media of late about people receiving phone calls purporting to be from their bank, advising them there is a
problem with
their account, and then walking them through a resolution that involves transferring all their money into a ‘safe’ scammers account. Victims
commonly state that they believed the scammer because of the level of personal information they relayed. Your bank will never send an email
or text message asking for any account or financial details, this includes updating your address or log in details for phone, mobile or
internet banking.
A CHOICE survey found that four out of five of the victims of banking scams in their report said their banks did nothing to flag a scam
before they transferred their money to the perpetrator.
The Australian Banking Association have stated that, if not already, banks will introduce warnings and payment delays by the end of 2024.
And, in addition to other measures, they will limit payments to high-risk channels such as crypto platforms.
myGov
If you have downloaded a fake myGov app, have given your details to a scammer, or clicked on a link from an email, text message or scanned a
QR Code, contact Services Australia Scams and Identify Theft Helpdesk on 1800 941 126, or get
help with a scam here.
Tax scams
Before acting on any instructions, please contact us and we will verify the information for you.
If you have already acted, contact the ATO to verify or report a scam on 1800 008 540.
The Government use external agency recoveriescorp for debt collection, but we will advise you if you have a tax debt outstanding.
For more information contact a Forsyths team member today.