In this second article in our series on where businesses should be heading to from here, we outline the ATO’s caution on the increase in targeted cyber-criminal activity and how businesses and individuals can protect themselves.

Australians targeted in COVID-19 scams

Scamming methods

Protecting against tax scams

Series: Where to from here?

Meet the team

The ATO has announced that it is aware of a significant increase in Australians being targeted by cyber criminals, including COVID-19 scams, fraud attempts and deceptive email and SMS schemes.

Whilst tax scams are not new, it seems cyber criminals are attracted to the relatively large sums that are potentially being paid to individuals and businesses where these recipients are not used to dealing directly with the ATO, and aware of how they normally act. There appears to be a particular focus on the recent JobKeeper payment and early release of superannuation measures.

According to the ATO, it will communicate with applicants via SMS and email regarding their JobKeeper and early release of superannuation applications. However it recommends that applicants should not reply if they are unsure whether an ATO interaction is genuine. Rather, they should check with the ATO via other means first to confirm if the communication is genuine.

A number of common scamming methods which the ATO would not engage in, include:

• threats of arrest 
• robocalls 
• using technology to project legitimate numbers onto the caller ID on call logs including legitimate ATO numbers
• demanding immediate payment while on a phone call
• refusing to allow targets to speak with a trusted advisor or tax agent
• requesting payment by unorthodox methods including iTunes, Google Play, Steam or other vouchers, payment by Bitcoin or other cryptocurrency, offshore wire transfer
• requesting provision of personal identifying and financial institution details via a return SMS or email in order to receive a refund 
• requesting recipients click on a link in an SMS or email, to log on to an online service.
  
  

Individuals and businesses can protect themselves by:

• running the latest software updates to ensure operating systems security is current
  updating antivirus software
• always exercising caution when clicking on links and providing personal identifying information
• avoiding accessing online government services via a hyperlink in an email or SMS, instead via an independent search
• calling the ATO on an independently sourced number (ATO: 1800 008 540) to verify an interaction, if in doubt
• educating staff on scam awareness.

Some scammers are very sophisticated and it can often be very hard to distinguish them from legitimate ATO officers or communications. It always pays to be wary. If you encounter any of the above situations or have any concerns regarding the legitimacy of a purported ATO contact you should end the communication immediately and contact the ATO directly to confirm if the issue is genuine.

If you are still concerned, reach out to your KPMG advisor, who will be able to liaise with the ATO on your behalf.

KPMG's 6-part series on where businesses should be heading to from here.