Tax time is stressful enough without having to worry about scammers lurking in your inbox—but unfortunately, that’s exactly what’s happening this year.

A new, highly sophisticated phishing scam is making the rounds, and it’s targeting Australians right when we’re most likely to be expecting official messages from the ATO or myGov.

Even if you consider yourself pretty tech-savvy, this scam is clever enough to fool just about anyone—and it’s even designed to get around two-factor authentication (2FA), which many of us rely on for extra security.

This isn’t your run-of-the-mill, typo-riddled scam email. According to cybersecurity experts at MailGuard, the scam starts with a very convincing email that appears to come from the ATO.

The subject lines are designed to grab your attention—think 'New mail In' or 'Urgent new notification in your account inbox.' The message is polite, urgent, and looks exactly like something you’d expect to see during tax season.

The email urges you to click a link to 'review' a message or claim a refund. If you do, you’re taken to a fake myGov login page that’s almost indistinguishable from the real thing.

Here’s where it gets really sneaky: after you enter your myGov username and password, the site asks for your SMS verification code—just like the real myGov site would. This is a deliberate move to bypass 2FA, a security measure that’s supposed to keep your account safe even if your password is stolen.

A new, highly sophisticated ATO phishing scam is targeting Australians during tax season, using fake myGov emails to steal personal and financial information. Image source: Ed Hardie / Unsplash.

But it doesn’t stop there. The fake site then asks for even more personal information, including your full name, date of birth, address, driver’s licence number, and credit card details. In other words, everything a scammer needs to steal your identity or drain your bank account.

'It’s a textbook example of psychological manipulation. The message is urgent, polite, and familiar — exactly what someone would expect during tax season. But one click opens the door to identity theft and financial fraud,' said MailGuard CEO Craig McDonald.

The timing of this scam is no accident. As McDonald explains, 'Cybercriminals are opportunists. They exploit timing, behaviour, and platform trust. During tax time, Australians expect emails from the ATO or myGov and that expectation becomes a vulnerability if not protected.'

With millions of Australians preparing and lodging their tax returns, scammers know we’re on the lookout for official messages. That’s why their emails are so convincing—and why so many people are falling for them.

Also read: Tax office exposes scams that mislead super members

This isn’t an isolated incident. The ATO has reported a staggering 300% increase in scam emails compared to the same period last year.

In just the first four months of 2025, phishing scams have cost Australians nearly $13.7 million—almost triple the losses reported in early 2024. While the total number of scam reports has dropped, the amount of money lost is skyrocketing, showing just how effective these new scams have become.

It’s not just individuals who are at risk, either. Businesses are also being targeted, with scammers using similar tactics to try to access sensitive financial information.

So, how can you tell if that email from the ATO or myGov is the real deal or a scam? Here are some key things to look out for:

• Unsolicited emails or SMS messages with links: The ATO and Services Australia have made it clear—they will never send you an email or text with a link asking you to log in, provide personal information, or share your password.
• Requests for personal or financial information: If you’re being asked for your driver’s licence, credit card details, or other sensitive info, it’s almost certainly a scam.
• Urgent or threatening language: Scammers often try to create a sense of urgency to get you to act without thinking.
• Suspicious sender addresses: Even if the email looks official, check the sender’s address carefully. Scammers often use addresses that are close to, but not exactly, the real thing.

If you ever receive a message that seems suspicious, don’t click any links or provide any information. Instead, log in to your myGov or ATO account by typing the address directly into your browser, or use the official app. Any legitimate communication about your tax affairs will be waiting for you there.

If you think you’ve received a scam message, or if you’ve accidentally given out your details, contact the ATO directly and report the incident to Scamwatch. The sooner you act, the better your chances of minimising any damage.

You can view the photos of the phishing scam emails here.

Read next: Is the ATO messaging you more than usual? Here are some things to watch out for during tax season

Key Takeaways

• A new, highly sophisticated ATO phishing scam is targeting Australians during tax season, using fake myGov emails to steal personal and financial information.
• The scam stands out for its ability to bypass two-factor authentication (2FA), tricking victims into providing SMS verification codes and sensitive details like driver’s licence numbers and credit card information.
• Phishing scams like this are on the rise, with the ATO reporting a 300% increase in scam emails and nearly $13.7 million in losses in the first four months of 2025 alone.
• The ATO and Services Australia remind Aussies they’ll never send unsolicited emails or SMS messages with links or requests for login details, and urge anyone suspicious to contact the ATO directly or report scams to Scamwatch.

We know many of our members have been on the receiving end of scam attempts—some more convincing than others! Have you received a dodgy email or text claiming to be from the ATO or myGov? Did you spot the scam, or did you nearly get caught out? Share your experiences in the comments below!

 

[alistev]

yes the Mygov ones arfe very frequent. one yesterday sais they had deducted money from my account.... Have to admit some are very hard to pick first up.

 

[Making Austr.sad again]

If elderly get to call stupid after they’re done honest mistake what should the other generations be called if they do the same mistake? A smarties? Well they will be elderly too one day and taking over specific names from these smarties. Guess the technology is rapidly changing and smarties will be always only smarties…

 

[meighLeigh]

Advice given over and over again by banks, by the government, even on TV. Probably also on the radio.
'You can't cure stupid' - but full marks for trying

 

[7777]

If elderly get to call stupid after they’re done honest mistake what should the other generations be called if they do the same mistake? A smarties? Well they will be elderly too one day and taking over specific names from these smarties. Guess the technology is rapidly changing and smarties will be always only smarties…

Dear member Making Austr.sad again, thankyou for your post. I agree with your opinion. Yes, I believe that the other generation think that they are smarties, however, what they really are, is disrespectful and lost for decent thoughts. They find that the only way they can inflate their pathetic egos, is by calling the elderly stupid for doing an honest mistake. These young smarties have no decent upbringing and lack self confidence and respect for the elderly. I feel sorry for these so called smarties, because they are unaware of how low they degrade themselves within society when calling the elderly stupid. These smarties have no education, no morals and lack the ability to communicate in a respectful and decent manner. Wishing you a pleasant day.

 

[Jules57]

I’ve received one text message and one email. Fortunately just remembered in time not to click on the text. It would be easy to do if you’re side tracked minding grandchildren etc.

I do love some of the texts though, like you have 100,0029 reward points that are going to expire but sadly I’m not a Combank customer.

 

[Jules57]

Advice given over and over again by banks, by the government, even on TV. Probably also on the radio.
'You can't cure stupid' - but full marks for trying

What is scary is scammers copying shopping sites as well even Temu from what I’ve heard.

 

[Veggiepatch]

If elderly get to call stupid after they’re done honest mistake what should the other generations be called if they do the same mistake? A smarties? Well they will be elderly too one day and taking over specific names from these smarties. Guess the technology is rapidly changing and smarties will be always only smarties…

That's discriminatory!

What about all the M&Ms out there??

 

[Veggiepatch]

What is scary is scammers copying shopping sites as well even Temu from what I’ve heard.

How can scammers copy a scammer site?

That's a new twist!

 

[Mikeyboy2012]

I've received a number of these nasties. I was very suspicious, so did not open.

To check if any messages were sent, I went direct to my MyGov account to see if any actions were required from any services connected, which there was none!!!

I’ve also receive scam email supposedly from other major accounts which have been fake and has been reported and senders blocked countless times, but like a hidden nest of vermin, keep crawling in, usually to the junk mail, but at times seep into my main inboxes.

Always go to a direct account if unsure to check if a message is genuine ----- NEVER just CLICK ON ??? LINKS

Absolutely spot on!

 

[Aquired Taste]

Even if you ignore an email that is actually a real notification, the fact that scams are so prevalent any jurisdiction will understand why the demand was ignored, especially if you are old. Err on the side of caution. You won't go to jail.

 

[Dynomite]

Absolutely spot on!

Yes. That is what I do too. Saves stress.

 

[7777]

How can scammers copy a scammer site?

That's a new twist!

I guess you are showing your stupidity..
Where have I ever stated that the scammers are innocent?
Yes actually they are obviously the intelligent ones as all the fools who fall for the scams are the stupid ones…

Dear member BruceC, thankyou for your post. I used the words "scammers are innocent ". reason being as you made out in your post, that the one who responds to scams, is the one who is in the wrong, implying they chosen to do the wrong by choice. This then makes the scammers innocent, as they did not force the person to click and respond to the scam. In reality, the scammers are guilty all the way, and we just happen to be living in an era, where scammers are taking advantage of those who believe in honesty, and respect for our fellow human being. Wishing you a pleasant day.

 

[Isis]

Dear member BruceC, thankyou for your post. Just because the elderly are trusting of people, please don't lable them as simply stupid and deserve to loose everything they have, as you have stated in your post. These words are very degrading and disrespectful, no one deserves to loose everything they have, because they placed their trust into a strange email. The elderly are not as tech savvy as you might be. Please, show respect to the elderly who have experienced so much throughout their lives both good and bad. Don't mock their inability to recognise a scam. Who knows, technology could soon become even more advanced, placing you in a vulnerable situation. I don't think you would appreciate being called, simply stupid and deserve to loose everything you ever had. We can learn so much from the elderly, please, show respect and dont mock those who fall victim to scammers, because it is happening to people all over the world, both to the young and the elderly. Wishing you a pleasant day. God bless,

Same here, thank you for that wellsaid answer. I am 85 ok so far but still possible a scam comes my way that i fall for to see that comment would upset me greatly.

 

[Cheezil]

If you fall for any scam the you are stupid…

And you are an ar*hole with that attitude!

 

[Cheezil]

so far i have remained savvy and safe.

Yes, same but it can be easy to get caught out when we're in a rush, distracted etc- some people here are just plain rude these days, even smart people can get caught unfort

 

[7777]

Same here, thank you for that wellsaid answer. I am 85 ok so far but still possible a scam comes my way that i fall for to see that comment would upset me greatly.

Dear member Isis, wishing you many happy blessings, good health and happiness always. God bless,

 

[Cheezil]

Dear member Pec Xland, thankyou for your post. Kindly stop calling the elderly stupid because they opened an email to a scam. This is a Senior's Discount Club. So when you call one elderly stupid, you are in a sense, mocking and insulting other respected elderly who are members on SDC. Views and opinions can be expressed without insults and name calling the elderly. Calling the elderly stupid, does not raise your level of intelligence, or make you a stronger person, because you dare to be so insulting. It kind of makes people feel sorry for you, for choosing to lower your level of respect for others, and yourself. Wishing you a pleasant afternoon. God bless,

Nice reply, agree & wish I was so polite

 

[Cheezil]

Calling someone stupid is very rude!

 

[BruceC]

Advice given over and over again by banks, by the government, even on TV. Probably also on the radio.
'You can't cure stupid' - but full marks for trying

Exactly..
It’s not just the elderly that are getting caught.
The younger greedy generation looking for a quick profit who are getting caught..
And yes! The banks, Telco’s and daily Government advertising is warning people not to click on any links but the stupid people keep doing it..
Age ( elderl) is no excuse.. I am 72 and I will not click on ANY links but or respond to ANY email or message until I confirm it’s authenticity with the relevant company..
I also do not answer unknown phone numbers. If they need me they will leave a message…

 

[BruceC]

Dear member BruceC, thankyou for your post. Just because the elderly are trusting of people, please don't lable them as simply stupid and deserve to loose everything they have, as you have stated in your post. These words are very degrading and disrespectful, no one deserves to loose everything they have, because they placed their trust into a strange email. The elderly are not as tech savvy as you might be. Please, show respect to the elderly who have experienced so much throughout their lives both good and bad. Don't mock their inability to recognise a scam. Who knows, technology could soon become even more advanced, placing you in a vulnerable situation. I don't think you would appreciate being called, simply stupid and deserve to loose everything you ever had. We can learn so much from the elderly, please, show respect and dont mock those who fall victim to scammers, because it is happening to people all over the world, both to the young and the elderly. Wishing you a pleasant day. God bless,

I have no sympathy for anyone who falls for theses scams..
I am elderly 73 but I will not fall for theses scams.
For instance, I just received the attached email supposedly from the NAB bank..
It looks quite legitimate until you click on the “sender” (the part circled & underlined in red..
Youwill see that the sender is not the NAB bank but “[email protected]”
Also the NAB and every other bank will not ask to respond to their emails..
So this is a scam and if I click on it I too am an idiot and deserve to lose every cent I have.
But that will not happen.