Scammers purporting to be from the Australian Taxation Office (ATO) are trying to steal Aussies’ bank details once again, cybersecurity firm MailGuard has revealed.
The firm intercepted an email that looks like it’s from the ATO, and advises taxpayers their tax refund of around $220 is ready for collection – all they need to do is “click here”.
That link takes them to a page that looks like the myGov login website. However, the domain doesn’t belong to myGov or the ATO, and is actually a phishing page.
Once users ‘log in’ to their accounts, scammers harvest their email address and passwords for later use, and Aussies are met with an error saying their credentials are invalid.
“This is a particularly sinister scam as cybercriminals are attempting to exploit vulnerable Australians, many of whom are suffering economic hardship as a result of the economic uncertainty caused by COVID-19,” MailGuard wrote.
“By falsely claiming that users are eligible for a tax refund, the cybercriminals behind the attack are cruelly capitalising on those unfortunate circumstances.”
With more than 18.7 million active myGov accounts, scammers are casting a wide net, and increasing their chances of being successful.
What do I do if I see a scam?
You can report a government scam to the ATO by phoning 1800 008 540.
If you receive a suspicious email or text claiming to be from the ATO, you can forward the entire email to ReportEmailFraud@ato.gov.au or take a screenshot of it and send it to ReportEmailFraud@ato.gov.au.
Make sure you delete the email or text, and do not click on it or download any files from it.
Signing up for the six-week challenge? Join the conversation at The Broke Millennials Club on Facebook.