It’s Tax Scam time again!

January 8, 2018

Lyal Collins is a Loop security expert specialising in PCI-DSS matters. He advises Loop clients on PCI compliance and other security challenges. It is tax return season now, and in this post Lyal talks about how to protect ourselves from scammers during this time of the year. If you have a question for Lyal, please email info@looptech.com.au.

Yes, it’s that time again - when Australians begin the yearly drudge of completing and lodging their personal income tax returns. Business accountants and financial officers will be doing the same for their companies/employers. Unfortunately, this is also a great opportunity for scammers to strike by soliciting your personal financial information through emails disguised as legitimate requests for information from the Australian Tax Office (ATO).

Some of us expect a tax refund, which is great when it happens.   I’m sure many others are hoping for a tax refund but are not sure if the taxman will agree.  Organised criminal elements / scammers also know this, and find tax time a great time to prey on individuals – and company financial controllers.

Typically, the scam appears in the form of an email asking the individual to click a link and confirm/update details to expedite processing of their refund: details such as bank accounts, credit card details, or personal / company details. Once the scammer has these details, they proceed to drain bank accounts, or to engage in various forms of identity theft. The natural tendency to hope / wish for a tax refund motivates the victim to fall for this scam, increasing the return to the scammers.

There is another version of a tax refund scam.  Australians are fortunate that our Tax File Number is a highly protected item under legislation, and only used, stored and disclosed under specific circumstances.  As a result, lodging of false tax returns using stolen identities in order to claim the refund is comparatively rare, at least for now.  By contrast, US press reports indicate false tax returns have become an epidemic of fraud, due in part to the widespread use of the Social Security Number (SSN), which is not well protected under legislation and consequently widely shared and weakly protected. In 2014, the Internal Revenue Service (the US equivalent of the ATO) lost an estimated US$ 6.5 billion in fraudulent tax refunds, and this year's losses are anticipated to be even higher!

The scammers are not averse to using phone calls to relieve you of some of your money either. Scam phone calls are on the rise, and last year the Australian Competition and Consumer Commission (ACCC) and the ATO issued a warning to the public to this effect. Some of the scammers’ methods are described in this article.

The good news is that those of us lucky to legitimately get a tax refund will do so over the coming months. The bad news is that unsuspecting individuals will fall prey to these scams.

June is a good time to remind friends, our financial managers and ourselves that scammers are about. Further, do not respond to emails purporting to be from the Australian Tax Office that ask for details or to click a link – the ATO never uses emails to request these details. See here for more information on how some of these scams work.

The following guidelines, provided by the Australian government’s “scam watch” website, are helpful for protecting yourself from scammers:

Never send your personal, credit card or banking details in an email or over the phone; scammers will use your details to commit identity fraud or steal your money.
If you receive unsolicited emails claiming to be from the ATO, Centrelink or your bank, delete them immediately!
If you are unsure whether you have received a legitimate request, call the organisation by using contact details from legitimate sources. Don’t rely on contact details provided to you in an email or through the phone. Instead, obtain contact details through an Internet search, telephone directories or official letters / statements from organisations such as banks.
Don't open any attachments or click on any links in, or reply to, these emails. This may result in downloading malicious viruses on your computer.

Companies have usually invested in specific email filtering and scam / spam blocking tools, features that personal email accounts often lack. Now is a good time to check that your corporate email filtering tools are updated and configured to detect and block spam and scam emails. Your company finances will thank you.

It is never too late to be a good cyber citizen.  Sharing warnings and news about scams with your friends and colleagues makes us all less vulnerable.
