New scam outsmarts security measures—what every Aussie should know
- Replies 80
Tax time is stressful enough without having to worry about scammers lurking in your inbox—but unfortunately, that’s exactly what’s happening this year.
A new, highly sophisticated phishing scam is making the rounds, and it’s targeting Australians right when we’re most likely to be expecting official messages from the ATO or myGov.
Even if you consider yourself pretty tech-savvy, this scam is clever enough to fool just about anyone—and it’s even designed to get around two-factor authentication (2FA), which many of us rely on for extra security.
This isn’t your run-of-the-mill, typo-riddled scam email. According to cybersecurity experts at MailGuard, the scam starts with a very convincing email that appears to come from the ATO.
The subject lines are designed to grab your attention—think 'New mail In' or 'Urgent new notification in your account inbox.' The message is polite, urgent, and looks exactly like something you’d expect to see during tax season.
The email urges you to click a link to 'review' a message or claim a refund. If you do, you’re taken to a fake myGov login page that’s almost indistinguishable from the real thing.
Here’s where it gets really sneaky: after you enter your myGov username and password, the site asks for your SMS verification code—just like the real myGov site would. This is a deliberate move to bypass 2FA, a security measure that’s supposed to keep your account safe even if your password is stolen.
But it doesn’t stop there. The fake site then asks for even more personal information, including your full name, date of birth, address, driver’s licence number, and credit card details. In other words, everything a scammer needs to steal your identity or drain your bank account.
'It’s a textbook example of psychological manipulation. The message is urgent, polite, and familiar — exactly what someone would expect during tax season. But one click opens the door to identity theft and financial fraud,' said MailGuard CEO Craig McDonald.
The timing of this scam is no accident. As McDonald explains, 'Cybercriminals are opportunists. They exploit timing, behaviour, and platform trust. During tax time, Australians expect emails from the ATO or myGov and that expectation becomes a vulnerability if not protected.'
With millions of Australians preparing and lodging their tax returns, scammers know we’re on the lookout for official messages. That’s why their emails are so convincing—and why so many people are falling for them.
Also read: Tax office exposes scams that mislead super members
This isn’t an isolated incident. The ATO has reported a staggering 300% increase in scam emails compared to the same period last year.
In just the first four months of 2025, phishing scams have cost Australians nearly $13.7 million—almost triple the losses reported in early 2024. While the total number of scam reports has dropped, the amount of money lost is skyrocketing, showing just how effective these new scams have become.
It’s not just individuals who are at risk, either. Businesses are also being targeted, with scammers using similar tactics to try to access sensitive financial information.
So, how can you tell if that email from the ATO or myGov is the real deal or a scam? Here are some key things to look out for:
If you think you’ve received a scam message, or if you’ve accidentally given out your details, contact the ATO directly and report the incident to Scamwatch. The sooner you act, the better your chances of minimising any damage.
You can view the photos of the phishing scam emails here.
Read next: Is the ATO messaging you more than usual? Here are some things to watch out for during tax season
We know many of our members have been on the receiving end of scam attempts—some more convincing than others! Have you received a dodgy email or text claiming to be from the ATO or myGov? Did you spot the scam, or did you nearly get caught out? Share your experiences in the comments below!
A new, highly sophisticated phishing scam is making the rounds, and it’s targeting Australians right when we’re most likely to be expecting official messages from the ATO or myGov.
Even if you consider yourself pretty tech-savvy, this scam is clever enough to fool just about anyone—and it’s even designed to get around two-factor authentication (2FA), which many of us rely on for extra security.
This isn’t your run-of-the-mill, typo-riddled scam email. According to cybersecurity experts at MailGuard, the scam starts with a very convincing email that appears to come from the ATO.
The subject lines are designed to grab your attention—think 'New mail In' or 'Urgent new notification in your account inbox.' The message is polite, urgent, and looks exactly like something you’d expect to see during tax season.
The email urges you to click a link to 'review' a message or claim a refund. If you do, you’re taken to a fake myGov login page that’s almost indistinguishable from the real thing.
Here’s where it gets really sneaky: after you enter your myGov username and password, the site asks for your SMS verification code—just like the real myGov site would. This is a deliberate move to bypass 2FA, a security measure that’s supposed to keep your account safe even if your password is stolen.
A new, highly sophisticated ATO phishing scam is targeting Australians during tax season, using fake myGov emails to steal personal and financial information. Image source: Ed Hardie / Unsplash.
But it doesn’t stop there. The fake site then asks for even more personal information, including your full name, date of birth, address, driver’s licence number, and credit card details. In other words, everything a scammer needs to steal your identity or drain your bank account.
'It’s a textbook example of psychological manipulation. The message is urgent, polite, and familiar — exactly what someone would expect during tax season. But one click opens the door to identity theft and financial fraud,' said MailGuard CEO Craig McDonald.
The timing of this scam is no accident. As McDonald explains, 'Cybercriminals are opportunists. They exploit timing, behaviour, and platform trust. During tax time, Australians expect emails from the ATO or myGov and that expectation becomes a vulnerability if not protected.'
With millions of Australians preparing and lodging their tax returns, scammers know we’re on the lookout for official messages. That’s why their emails are so convincing—and why so many people are falling for them.
Also read: Tax office exposes scams that mislead super members
This isn’t an isolated incident. The ATO has reported a staggering 300% increase in scam emails compared to the same period last year.
In just the first four months of 2025, phishing scams have cost Australians nearly $13.7 million—almost triple the losses reported in early 2024. While the total number of scam reports has dropped, the amount of money lost is skyrocketing, showing just how effective these new scams have become.
It’s not just individuals who are at risk, either. Businesses are also being targeted, with scammers using similar tactics to try to access sensitive financial information.
So, how can you tell if that email from the ATO or myGov is the real deal or a scam? Here are some key things to look out for:
- Unsolicited emails or SMS messages with links: The ATO and Services Australia have made it clear—they will never send you an email or text with a link asking you to log in, provide personal information, or share your password.
- Requests for personal or financial information: If you’re being asked for your driver’s licence, credit card details, or other sensitive info, it’s almost certainly a scam.
- Urgent or threatening language: Scammers often try to create a sense of urgency to get you to act without thinking.
- Suspicious sender addresses: Even if the email looks official, check the sender’s address carefully. Scammers often use addresses that are close to, but not exactly, the real thing.
If you think you’ve received a scam message, or if you’ve accidentally given out your details, contact the ATO directly and report the incident to Scamwatch. The sooner you act, the better your chances of minimising any damage.
You can view the photos of the phishing scam emails here.
Read next: Is the ATO messaging you more than usual? Here are some things to watch out for during tax season
We know many of our members have been on the receiving end of scam attempts—some more convincing than others! Have you received a dodgy email or text claiming to be from the ATO or myGov? Did you spot the scam, or did you nearly get caught out? Share your experiences in the comments below!
.png){kind=icon}
