How investors can avoid phishing scams this tax season

Last month, the ATO warned it had seen an escalation in the number of tax-related scams leading up to the end of the financial year.

The tax regulator also highlighted that email phishing is the popular method of choice among scammers. 

“We’re seeing an increase in email phishing scams claiming to be from the ATO,” the tax regulator stated.

In 2022, data also showed phishing was the most common method of scamming Australians, with SMS scams as the most common delivery method that has already seen scammers pocketing a total of $3 million from innocent people. 

During this hectic period, Adrian Covich, senior director at Proofpoint, has advised people to be “extra-vigilant” about any communications they are receiving about taxes or from the ATO, noting that scams will be at their peak in the coming months.

During peak tax time in July last year, data from the Australian Competition and Consumer Commission’s (ACCC) Scamwatch revealed that Australians lost a total of $27 million. 

“Scammers are notorious for taking advantage of every tax season by mounting tax-themed campaigns that aim to steal money and sensitive information,” he stated. 

The cyber security pundit warned that cyber criminals are becoming more adept at impersonating organisations such as the ATO, making it difficult to verify the legitimacy of communications.

“In 2020 and 2021, the ATO reported an increase of impersonation scams via phone, SMS and email around tax time, and already we’re seeing these types of phishing scams emerge ahead of tax season,” Mr Covich said. 

The expert further explained that tax scams aren’t always centred on stealing money but also use the lure of tax refunds, or threatening action over unpaid tax, to steal and on-sell sensitive personal or business data.

As one surefire way to evade scammers’ ruses, he advised: “If you are unsure if the body contacting you is the ATO, you can verify this by calling the ATO directly from their website.” 

Here are top tips on how to spot a phishing scam this tax season:

1. Don’t disclose personal or company confidential information

Mr Covich reminded that most firms or government agencies would never require personal credentials through email.

He added that most organisations would have policies rolled out that will forbid external communications of business intellectual property. 

With this, he stated: “Stop yourself before revealing any confidential information over email or phone.”  

2. Review the email salutation 

The cyber security expert also revealed that email scams could be spotted just by the email sign-off and how they are formatted. 

He advised that if the email is addressed to a vague target market, such as “Valued Customer”, it may be a phishing scam.

“Legitimate organisations will often use a personal salutation with your first and last name,” he stated. 

3. Watch out for spelling mistakes

Brands, as well as major government organisations, are particular about getting their spelling right in their email communications, according to Mr Covich.

On that note, he called attention to spotting any spelling errors and proceeding with caution upon finding them. 

“Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious,” he said. 

4. Don’t click on any attachments

A common phishing tactic used by scammers nowadays is including malicious attachments that contain viruses and malware. 

“Malware can damage files on your computer, steal your passwords or spy on you without your knowledge,” he explained. 

He warned against opening any email attachments that came unexpectedly into your inbox. 

5. Be wary of emails using urgent and threatening language in the subject line 

One of the most common ways scammers empty people’s pockets is by instilling fear in their potential victims.

“Invoking a sense of urgency or fear is a common phishing tactic,” according to Mr Covich. 

As a precaution, he advised avoiding responding to emails with subject lines that claim your “account has been suspended” or require you to act on an “urgent payment request. 

6. Don’t believe everything you see

Lastly, Mr Covich said that a little scepticism goes a long way when spotting phishing scams. 

“Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly valid email address.

“Be skeptical when it comes to your email messages — if it looks even remotely suspicious, do not open it,” he concluded.