New scam outsmarts security measures—what every Aussie should know

Tax time is stressful enough without having to worry about scammers lurking in your inbox—but unfortunately, that’s exactly what’s happening this year.

A new, highly sophisticated phishing scam is making the rounds, and it’s targeting Australians right when we’re most likely to be expecting official messages from the ATO or myGov.

Even if you consider yourself pretty tech-savvy, this scam is clever enough to fool just about anyone—and it’s even designed to get around two-factor authentication (2FA), which many of us rely on for extra security.



This isn’t your run-of-the-mill, typo-riddled scam email. According to cybersecurity experts at MailGuard, the scam starts with a very convincing email that appears to come from the ATO.

The subject lines are designed to grab your attention—think 'New mail In' or 'Urgent new notification in your account inbox.' The message is polite, urgent, and looks exactly like something you’d expect to see during tax season.

The email urges you to click a link to 'review' a message or claim a refund. If you do, you’re taken to a fake myGov login page that’s almost indistinguishable from the real thing.

Here’s where it gets really sneaky: after you enter your myGov username and password, the site asks for your SMS verification code—just like the real myGov site would. This is a deliberate move to bypass 2FA, a security measure that’s supposed to keep your account safe even if your password is stolen.


A new, highly sophisticated ATO phishing scam is targeting Australians during tax season, using fake myGov emails to steal personal and financial information. Image source: Ed Hardie / Unsplash.



But it doesn’t stop there. The fake site then asks for even more personal information, including your full name, date of birth, address, driver’s licence number, and credit card details. In other words, everything a scammer needs to steal your identity or drain your bank account.

'It’s a textbook example of psychological manipulation. The message is urgent, polite, and familiar — exactly what someone would expect during tax season. But one click opens the door to identity theft and financial fraud,' said MailGuard CEO Craig McDonald.

The timing of this scam is no accident. As McDonald explains, 'Cybercriminals are opportunists. They exploit timing, behaviour, and platform trust. During tax time, Australians expect emails from the ATO or myGov and that expectation becomes a vulnerability if not protected.'

With millions of Australians preparing and lodging their tax returns, scammers know we’re on the lookout for official messages. That’s why their emails are so convincing—and why so many people are falling for them.




This isn’t an isolated incident. The ATO has reported a staggering 300% increase in scam emails compared to the same period last year.

In just the first four months of 2025, phishing scams have cost Australians nearly $13.7 million—almost triple the losses reported in early 2024. While the total number of scam reports has dropped, the amount of money lost is skyrocketing, showing just how effective these new scams have become.

It’s not just individuals who are at risk, either. Businesses are also being targeted, with scammers using similar tactics to try to access sensitive financial information.



So, how can you tell if that email from the ATO or myGov is the real deal or a scam? Here are some key things to look out for:
  • Unsolicited emails or SMS messages with links: The ATO and Services Australia have made it clear—they will never send you an email or text with a link asking you to log in, provide personal information, or share your password.
  • Requests for personal or financial information: If you’re being asked for your driver’s licence, credit card details, or other sensitive info, it’s almost certainly a scam.
  • Urgent or threatening language: Scammers often try to create a sense of urgency to get you to act without thinking.
  • Suspicious sender addresses: Even if the email looks official, check the sender’s address carefully. Scammers often use addresses that are close to, but not exactly, the real thing.
If you ever receive a message that seems suspicious, don’t click any links or provide any information. Instead, log in to your myGov or ATO account by typing the address directly into your browser, or use the official app. Any legitimate communication about your tax affairs will be waiting for you there.
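
The warning signs listed above can also be checked automatically by a mail filter or help-desk triage script. The Python below is an added example, not part of the original article or any ATO or MailGuard tooling. The list of official domains, the keyword patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: official parent domains for the services the article names.
OFFICIAL_DOMAINS = ("ato.gov.au", "my.gov.au", "servicesaustralia.gov.au")
BRAND = re.compile(r"\b(ato|mygov|services australia)\b", re.I)
URGENT = re.compile(r"\b(urgent|immediately|suspended|act now)\b", re.I)
SENSITIVE = re.compile(r"\b(password|verification code|licen[cs]e|credit card)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def red_flags(raw_message):
    """Return the article's warning signs found in a plain-text email."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    claims_brand = bool(BRAND.search(f"{display} {text}"))
    links = URL.findall(body)
    flags = []
    if claims_brand and not is_official(addr.rpartition("@")[2]):
        flags.append("sender-domain-mismatch")
    if claims_brand and links:
        flags.append("brand-message-contains-link")
    if any(not is_official(urlparse(u).hostname) for u in links):
        flags.append("link-to-unofficial-host")
    if URGENT.search(text):
        flags.append("urgent-language")
    if SENSITIVE.search(text):
        flags.append("asks-for-sensitive-info")
    return flags

# Constructed samples; the .example hosts are placeholders, not real indicators.
PHISH = ("From: myGov <notify@mygov-inbox.example>\n"
         "Subject: Urgent new notification in your account inbox\n\n"
         "New mail from the ATO: https://my.gov.au.login.example/review\n"
         "Enter your password and SMS verification code to continue.\n")
GENUINE_STYLE = ("From: myGov <noreply@my.gov.au>\n"
                 "Subject: You have a new message\n\n"
                 "Sign in to myGov using the official app to read it.\n")

if __name__ == "__main__":
    print(red_flags(PHISH))
    print(red_flags(GENUINE_STYLE))
```

A From address can be forged, so an empty result does not prove a message is genuine; signing in by typing the address directly or using the official app still applies.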

If you think you’ve received a scam message, or if you’ve accidentally given out your details, contact the ATO directly and report the incident to Scamwatch. The sooner you act, the better your chances of minimising any damage.

You can view the photos of the phishing scam emails here.


Key Takeaways

  • A new, highly sophisticated ATO phishing scam is targeting Australians during tax season, using fake myGov emails to steal personal and financial information.
  • The scam stands out for its ability to bypass two-factor authentication (2FA), tricking victims into providing SMS verification codes and sensitive details like driver’s licence numbers and credit card information.
  • Phishing scams like this are on the rise, with the ATO reporting a 300% increase in scam emails and nearly $13.7 million in losses in the first four months of 2025 alone.
  • The ATO and Services Australia remind Aussies they’ll never send unsolicited emails or SMS messages with links or requests for login details, and urge anyone suspicious to contact the ATO directly or report scams to Scamwatch.

We know many of our members have been on the receiving end of scam attempts—some more convincing than others! Have you received a dodgy email or text claiming to be from the ATO or myGov? Did you spot the scam, or did you nearly get caught out? Share your experiences in the comments below!
 

Once again..
If anyone falls for this then they are plain and simply stupid and deserve to lose everything they have.
Simple: DO NOT CLICK ON ANY LINK!
If you get this email or text simply delete it and go straight to your MyGov account and check it out..
 
Absolutely! A couple of years ago, I started with a new employer, and requested they use my current Superannuation account. Of course they didn’t, and they opened a new Super account. Anyway, I had to merge my Super accounts, and get rid of the new one, all thru MyGov. Next morning, I had an email from MyGov, saying there was a new message, and without thinking I clicked on the link to log in to myGov. I canned it all when I was then prompted for personal info, scam, scam, scam! I had to contact myGov and ATO and scamwatch and Super and Medicare and my Bank ….. it took me all day dealing with it all, changing passwords, including setting extra secret passwords with Super and Medicare and Bank just in case I’d been hacked, also had to delete myGov and create a new account. I learned the hard way, get out of email and go to the website or App and log in! So annoyed, it would never have happened if my written instruction to my new employer had been followed regarding my existing Super account. Grrrrrr.
 
BruceC, I couldn't agree more. NEVER EVER click on email links!!
 
My apologies for being rude and insulting but once again Bruce, do you think the world would be a better place if everyone was as clever as you? FFS, be careful you don't trip over your own ego.
 
I have had a few of these ATO and Centrelink emails, they go straight into scams. And if necessary I go to the real website and check. Just cannot be too careful with everything now. You seem to be spending your time putting things into scam folder or forwarding to scamwatch.
 
The way it is going we will have to go back to the folding stuff & a passbook & walk into the bank. I remember a show where they raided an office block in Singapore caught & arrested the ringleaders & gave them bail & were never seen again. They need to be like Monopoly don't collect $200 go straight to jail.
 
My 84 year old husband was fooled and didn't suspect it was not the genuine site so he clicked to open. However he then asked me to see what it was about as he has trouble sometimes understanding Government messages.
I immediately realised it was fake and told him to access his real account. In his panic he forgot his password and ended up getting locked out. As I cannot go into his account we made an appointment and went to our nearest Centrelink office. The lady there couldn't open his account either so we had to close it down completely and then open up a new account but then that wouldn't let him access either. Thank goodness we were in Centrelink with an official customer service person.
Finally, on yet another attempt with a second customer service person helping, we got him a new account. I then asked that NO EMAILS be sent to him asking him to read messages in his account etc. and all messages, reminders, information for him comes via Australia Post to our mailbox.
It was fortunate that I am still thinking clearly and know how to check where emails really come from. Without me, my husband could have been totally scammed into giving access to his My Aged Care/Centrelink, Pension and Bank details. Fortunately, his confusion when dealing with anything official looking, especially from Government caused his lock out but I wonder how many others have been fooled into opening the link.
 
When I get any sms messages from the government I never click on that message, I go and check my app. If I see it has a message for me then I know it is legit. But I have learnt that it doesn't have any number next to it , I just delete the message.
If I am unsure then I just forward all of them to my son. He receives all the messages / scams to check out what it says. Always he repeats in big bold letters WHATEVER YOU DO DON'T CLICK ON IT. I am very fortunate to have him as my sounding board.
 
One thing to look for when you receive any email is whether it refers to you as an anonymous individual. In other words, if the email begins with "Hi" or uses part of your email address, for instance, "Hello MRChips," you can immediately become suspicious. A government email, if they used one, would start with your full name, address, and be spelled correctly. Thought this might help.
 
It is amazing how stupid people can be. Government agencies clearly inform in their emails never to click on a link and that they will never ask for personal information in an email. The agency will send an email saying to log into the relevant Government agency or phone them on a government phone number.
There needs to be an advertising campaign by Government about this - put on TV, billboards and every Government website in big bold letters.
 