The ATO has issued a warning regarding a scam email which is currently doing the rounds.
Scammers send the email from a fake myGov email address to advise of a tax refund which can be claimed by filling out an online application form. The email contains a malicious link which will direct you to a fake ‘Tax Refund’ form in order to steal personal information.
The image below is an example.
Note that this scam email:
- misleadingly includes the myGov logo
- asks you to click a link that appears to be the myGov website but when hovering over the link it does not lead to a my.gov.au address
- does not include your name
- contains poor grammar and spelling
Do not click on links in this email or any email / text message claiming to be from myGov. myGov will never send you a text, email or attachment with hyperlinks or web addresses.
Messages received in your myGov Inbox are secure and it is safe to open links included in those messages.
Steps you can take to protect your myGov account
- do not share your myGov sign-in details with anybody else
- use a strong password that is easy for you to remember but hard for others to guess
- use a different password to your other online accounts
- change your password and myGov PIN regularly
- do not let other people see your computer screen when you use the ‘show password’ option
- do not send your password and myGov PIN to anyone by email or text message
- do not tell anyone your email account password
- always sign out of your myGov account when you have finished using it
- check for the Extended Validation Certificate indicator in your browser’s address bar when accessing myGov. Each browser shows the Extended Validation Certificate in a different way. Usually this is a green box or bar with a padlock icon.
Report any suspicious correspondence
If you do receive a suspicious email or text message, you can report it to myGov or Scamwatch.
Alternatively, you can:
- contact your usual Marsh & Partners advisor and we will investigate for you. You can reach us on (07) 3023 4800 or at email@example.com.
- call the ATO on 1800 008 540 between 8:00am and 6:00pm Monday to Friday to verify the legitimacy of the communication
- forward the entire email to the ATO at ReportEmailFraud@ato.gov.au