Tax time is stressful enough without the added worry of cybercriminals making off with your hard-earned refund. 

But that’s exactly what’s happening to a growing number of Australians, with the Australian Taxation Office (ATO) issuing a fresh warning after hackers managed to steal information through fraudulent tax returns. If you thought your myGov account was safe, it’s time to think again—and take action.

Let’s get one thing straight: the ATO’s systems haven’t been hacked. According to the ATO, their digital fortress remains ‘secure, resilient and has not been compromised’. 

So, how are hackers getting in? The answer is identity theft. Cybercriminals are finding ways to obtain your personal information—sometimes through phishing emails, sometimes via large-scale data breaches, or even by hacking into your home network or devices. 

Once they have enough details, they can log into your myGov account, file a fake tax return, and redirect your refund to their bank account—all in seconds.

Take Perth resident Kate Quinn, for example. She only discovered something was wrong when her accountant tried to access her tax records, only to find they were no longer authorised. 

Hackers had already lodged an $8,000 tax return in her name and changed her bank account details. 

‘They hack in, they untick “notify me or notify my tax agent” and change the bank account details,’ Quinn explained. 

‘It probably takes all of 10 to 15 seconds [to] change the bank account details and the money’s gone, and the case is closed and no one’s notified.’

It’s not just individuals who are at risk. Melbourne accountant Adrian Raftery reported a similar scam, with hackers amending previous tax returns and filing new ones to pocket more than $14,000 in fraudulent refunds from one client.

How are hackers getting in?

The ATO says identity information can be compromised in a variety of ways:

• Phishing emails that trick you into giving up your login details
• Data breaches at companies where your information is stored
• Hacking of your devices or home Wi-Fi network
• Malicious actors requesting information under false pretences

Once they have your details, they can access your myGov account, change your bank details, and even turn off notifications so you and your tax agent are left in the dark.

The ATO is taking these incidents seriously. If they suspect your identity has been compromised, they’ll activate ‘stringent security measures’ and work with you to restore your account to its ‘true and genuine position’. 

They’ll also try to recover any stolen money, but as these cases show, prevention is far better than a cure.

How can you protect yourself?

Here are some practical steps you can take right now:

• Strengthen your digital identity: The ATO recommends using myID (formerly myGovID), the government’s digital identity app, and setting it to the highest identity strength possible.
• Be wary of scams: The ATO will never send you an unsolicited message with a login link. If you get an email, SMS, or phone call claiming to be from the ATO, don’t click any links. Instead, go directly to ato.gov.au or my.gov.au by typing the address into your browser.
• Monitor your accounts: Regularly check your myGov and ATO accounts for any unusual activity, especially around tax time.
• Update your passwords: Use strong, unique passwords for your online accounts and change them regularly.
• Secure your devices and network: Protect your computer, phone, and Wi-Fi with up-to-date security software.

If you suspect your information has been compromised or notice any suspicious activity on your ATO or myGov account, contact the ATO immediately on 1800 008 540.

If you use a tax agent, let them know as well—they can help you navigate the process and protect your interests.

Original article can be found here on YourLifeChoices