Businesses beware: 6 tips to avoid getting scammed this tax season

With Australians set to lodge their tax returns in the new financial year, the Australian Taxation Office has issued a warning that cyber criminals are leveraging tax returns and fake tax debt phishing scams. 

Last month, the ATO warned it had seen an escalation in the number of tax-related scams leading up to the end of the financial year.

During peak tax time in July last year, data from the Australian Competition and Consumer Commission’s (ACCC) Scamwatch revealed that Australians lost a total of $27 million.

But it’s not just the common folks that scammers are eyeing. Data also showed that micro, small and medium-sized businesses are being increasingly targeted by cyber scams.

In 2021, small businesses or firms with five to 19 staff had the highest median loss from cyber scams, with an average loss of $3,812 compared to other business sizes, with a total loss of $3.5 million. 

Meanwhile, microbusinesses or firms with zero to four staff had a median loss of $1,550 and a total loss of $3.5 million. 

So what was the method of choice for these scammers? Data showed that businesses had been mostly victimised through email. 

In 2022, data also showed phishing was the most common method of scamming Australians, with SMS scams as the most common delivery method that hit Aussies’ pockets of over $3 million.

During this busy period, businesses are advised to be “extra-vigilant” about any communications they are receiving about taxes or from the ATO”, according to senior director at Proofpoint Adrian Covich.

He has also warned businesses to brace for the worst, as he predicts that scams will be at their peak this tax season. 

“Scammers are notorious for taking advantage of every tax season by mounting tax-themed campaigns that aim to steal money and sensitive information,” he stated. 

He advised that cyber criminals are becoming more adept at impersonating organisations such as the ATO, making it difficult to verify the legitimacy of communications. 

“In 2020 and 2021, the ATO reported an increase of impersonation scams via phone, SMS and email around tax time, and already we’re seeing these types of phishing scams emerge ahead of tax season,” Mr Covich said. 

The expert further explained that tax scams aren’t always centred on stealing money but also use the lure of tax refunds, or threatening action over unpaid tax, to steal and on-sell sensitive personal or business data.

He offered words of wisdom for anyone handling communications for their business. “If you are unsure if the body contacting you is the ATO, you can verify this by calling the ATO directly from their website,” he stated.

Here are the cyber security expert’s top tips on how to spot a phishing scam this tax season:

1. Don’t give out personal or company confidential information

Most firms or government agencies will never require personal credentials through email, Mr Covich stated. 

He added that most organisations would have policies that will forbid external communications of business intellectual property. 

“Stop yourself before revealing any confidential information over email or phone,” he advised. 

2. Review the email salutation 

The expert also revealed that email scams can be sussed out just by analysing the email sign-off and how they are formatted. 

He advised that if the email is addressed to a vague target market, such as “Valued Customer”, the recipient must proceed with caution. 

“Legitimate organisations will often use a personal salutation with your first and last name,” he stated. 

3. Watch out for spelling mistakes

Brands, as well as major government organisations, are particular about getting their spelling right in their email communications, according to Mr Covich.

On that note, he called attention to spotting any spelling errors and proceeding with caution upon finding them. 

“Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious,” he said. 

4. Don’t click on any attachments

A common phishing tactic used by scammers nowadays is including malicious attachments that contain viruses and malware. 

“Malware can damage files on your computer, steal your passwords or spy on you without your knowledge,” he explained. 

He warned against opening any email attachments that unexpectedly pop into your email. 

5. Be wary of emails using urgent and threatening language in the subject line 

One of the most common ways scammers empty people’s pockets is by instilling fear in their potential victims.

“Invoking a sense of urgency or fear is a common phishing tactic,” according to Mr Covich. 

As a safety protocol, he advised avoiding responding to emails with subject lines that claim your “account has been suspended” or require you to act on an “urgent payment request”. 

6. Don’t believe everything you see

Lastly, Mr Covich said that a little scepticism goes a long way when spotting phishing scams. 

“Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly valid email address.

“Be skeptical when it comes to your email messages—if it looks even remotely suspicious, do not open it,” he concluded.