Fake MyGov profiles and unauthorised ATO access: The new cyber threat for Australian taxpayers

Cybercriminals are targeting Australian taxpayers through fake MyGov profiles and unauthorised ATO account access, and this has raised concerns.

Attackers create counterfeit MyGov profiles linked to victims' personal information, then access ATO accounts to divert tax refunds and gather sensitive financial data. Weak security may contribute to breaches, for example reused passwords or weak multi-factor authentication, such as weak security questions, or emailed security codes if your email is also compromised.

Case Study:

Sue, an Australian taxpayer, found unexpected changes to her bank details on her MyGov account. Cybercriminals accessed her ATO account via a fake MyGov profile, redirecting her $25,000 tax refund. Sue's case emphasises the importance of monitoring MyGov and ATO accounts for discrepancies and acting quickly on noticing suspicious activity.

Warning signs include unusual MyGov account activity, unexplained bank detail changes, unauthorised logins, or unfamiliar transactions. Regularly monitoring accounts and reporting suspicious activity are crucial. Victims of high-profile breaches (e.g., Medibank, Optus, Latitude) face higher risks; you can request a security block on your TFN.

Protection measures:

✅ Strengthen login credentials: Use strong, unique passwords for MyGov and email accounts, ideally randomised ones via a password manager. Enable 2FA; an authenticator app is MyGov's most secure two-factor/multi-factor option.

✅ Beware of phishing emails: Avoid clicking links or downloading attachments from unverified sources; verify emails from the ATO or MyGov.

✅ Monitor accounts: Regularly check MyGov and ATO accounts for suspicious activity. Check the Have I Been Pwned site regularly to see if your email address(es) have been involved in a data breach.

✅ Update devices: Install security patches and use reputable antivirus software.

✅ Report suspicious activity: Report compromised MyGov or ATO accounts to the ATO and Services Australia.

Being vigilant, securing personal information, and staying informed about cybersecurity threats are essential to defend against cybercriminals.