Warning: Fraudsters are using fake myGov profiles to hack ATO accounts!

Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


pexels-photo-7111520.jpg
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


pexels-photo-5935791.jpg
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


pexels-photo-8862298.jpg
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to authorities and waiting for weeks to get a response as to what happened .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
 
Sponsored
Very confused & don't really understand what/how has happened, but it's all very scarey! So was her house sold & funds for it collected by the fraudsters? Story is sketchy in info.
Did she lose money & not get her tax refund because fraudsters got it instead? Did she get any money she lost returned? Most importantly how do we avoid this happening to us when its so unclear what has actually happened here?
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to the police, creating a new bank account, and informing her super fund of potential fraud .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
Very confused & don't really understand what/how has happened, but it's all very scarey! So was her house sold & funds for it collected by the fraudsters? Story is sketchy in info.
Did she lose money & not get her tax refund because fraudsters got it instead? Did she get any money she lost returned? Most importantly how do we avoid this happening to us when its so unclear what has actually happened here?
It wasn't her house they just used her Gov a/c to not have to pay tax on the profit I think
 
These bloody fraudsters sure seem to be willing to put in the effort to not get caught whilst the authorities seem pretty lacklustre in their response. You would have thought they'd be red hot in blocking and researching this stuff but they seem to be almost willing to let huge amounts through. :mad:
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to the police, creating a new bank account, and informing her super fund of potential fraud .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
Hello, This story is difficult to follow. But, evenso, its conveys the impression that it is getting extremely difficult to know who to trust and when you have been scammed, in spite of all the precautions that are being issued. The average person on the street doesn't stand a chance of not getting badly bitten. Our is a corrupt world indeed 🥱😩
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to the police, creating a new bank account, and informing her super fund of potential fraud .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
It’s unbelievable how these things happen, it’s a shame these people who must be very intelligent don’t use their knowledge to do good not criminal.
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to the police, creating a new bank account, and informing her super fund of potential fraud .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
I have not, nor ever will have $25,000 due in refunds, The fraudster has most likely laundered dirty money through her account. I say this because you have to have put the money in before you can take it out. $25,00 in refund represents a GST deposit of at least $25,000 or a reported gross income of about a half a million with expenses totalling close to all that. In both of these cases it is a business BUT "Sue" is an employee. Slack oversight by the ATO.
 
  • Like
Reactions: Ricci and paulamc52
I had a similar thing happen. I consider myself extremely careful with personal data and online security, but hackers were able to access my ATO account, reactivate a company I had closed more than 15 years ago, and change all contact details. The hackers then made two claims totalling over $20,000 during the pandemic - presumably some form of Government assistance offered at the time.
I only found out when I accessed myGov and saw the two claims listed, and a note from the ATO saying I was late in making a third claim. I contacted the ATO (hours waiting, only to be bounced around between departments), the police (who said they couldn't help because it had already been referred to the ATO), my Banks (who could only note my call, but not take action), online scam reporting sites like IDCare, ReportCyber, etc. (all I received were "no reply" emails from IDCare and ReportCyber implying that I was at fault, and suggesting I contact support services if I had mental health issues).
No-one followed up to let me know what was going on. or provided any form of result from whatever investigations were carried out. Everything went into a black hole.
I can only hope the perpetrators (hackers or inside job) get caught and severely punished, but I guess I'll never know.
 
I had a similar thing happen. I consider myself extremely careful with personal data and online security, but hackers were able to access my ATO account, reactivate a company I had closed more than 15 years ago, and change all contact details. The hackers then made two claims totalling over $20,000 during the pandemic - presumably some form of Government assistance offered at the time.
I only found out when I accessed myGov and saw the two claims listed, and a note from the ATO saying I was late in making a third claim. I contacted the ATO (hours waiting, only to be bounced around between departments), the police (who said they couldn't help because it had already been referred to the ATO), my Banks (who could only note my call, but not take action), online scam reporting sites like IDCare, ReportCyber, etc. (all I received were "no reply" emails from IDCare and ReportCyber implying that I was at fault, and suggesting I contact support services if I had mental health issues).
No-one followed up to let me know what was going on. or provided any form of result from whatever investigations were carried out. Everything went into a black hole.
I can only hope the perpetrators (hackers or inside job) get caught and severely punished, but I guess I'll never know.
Oh how awful for you to go thru thus & such a lack of support from the greedy ones that make an enormous income from us peasants! So did you actually lose any money or did the fraudsters only make money from your ATO or MyGov info?
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to authorities and waiting for weeks to get a response as to what happened .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
These funds are transferred to an account number
why cant it be traced to the a/c and bank I mean there are forensic investigators
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to authorities and waiting for weeks to get a response as to what happened .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
I have to wonder as to the legitimacy of this story. As if her accountant would not be aware that "Sue" didn't own a property in Footscray. Would she not have been using this as a depreciation in her past tax assessments?
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to authorities and waiting for weeks to get a response as to what happened .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
Bloody parasite scum and the ATO get off your arses and stop this sort of thing digital age are we better off NO need to go back to cash and paperwork stuff digital it's crap
 
  • Like
Reactions: Ricci and Cheezil
Can't help agreeing. Digital isnt all bad, but these organizations could do a lot more to avoid or at least assist!
 
  • Like
Reactions: Ricci
Very confused & don't really understand what/how has happened, but it's all very scarey! So was her house sold & funds for it collected by the fraudsters? Story is sketchy in info.
Did she lose money & not get her tax refund because fraudsters got it instead? Did she get any money she lost returned? Most importantly how do we avoid this happening to us when its so unclear what has actually happened here?
I agree it is not making a lot of sense!

You would seriously believe that there were more safety measures that would be put in place for consumers of data sensitive material especially these days! Surely it ought to be a key responsibility of these organisations to ensure adequate safety measures ?!
 
Sue (not her real name), a recently retired member of the banking and finance industry, was in the middle of discussing a routine tax return with her accountant when he congratulated her on the sale of her house in Footscray, VIC.

But she didn’t own any house in Footscray, much less sell it.

The innocent comment prompted Sue to take a closer look at her records, and what she and her accountant discovered painted a grim picture.


Someone set up a fake ATO account by somehow accessing her existing one, impersonating her, and filing five refunds amounting to a total of $25,000.

But Sue was puzzled as she did her due diligence in avoiding criminals accessing her information online: she never clicked on unfamiliar links, never disclosed sensitive information like passwords, made sure to have her myGov and ATO accounts open only on one device (which she religiously scans for malware and viruses), and even shredded her physical receipts.

In addition, for the months prior to that fateful session with her accountant, she never received any one-time pin (OTP) usually sent to account owners of myGov and ATO when they open their accounts.


View attachment 10681
A routine tax procedure ended up giving Sue the shock of a lifetime. Stock Image Credit: Pexels/Tara Winstead


‘We found that the address, the (bank) account number, the telephone number, (and) the email had all been changed,’ Sue said.

She then called the ATO for prompt action but much to her dismay, what happened next left much to be desired.

‘I think it was about three hours I sat in my poor accountant’s office that day,’ she recalled.

Sue said the ATO was able to lock her account, but was told essentially it was all up to her when she asked if the tax office would be able to inform authorities on her behalf about the newly-discovered fraud.

This included telling UBank, where the fraudster had funnelled the $25,000 in tax refunds that she never filed.

‘The answer to that was no, that was entirely up to me,’ she said.


What’s more, Sue was also told to wait for an ATO case manager to be in touch with her — and it was too long to bear.

‘The time period in which they were likely to even start investigating was indicated to be around about three weeks,’ Sue said.

‘So whoever's perpetrating this could be long gone before they even look.’

Sue then reached UBank herself, but after hours on the phone, all she had for her efforts was an instruction to write to the bank’s parent company, the National Australian Bank.

After weeks of waiting, Sue finally got a response from the ATO and was given a clear picture of what transpired.


View attachment 10680
Somehow, fraudsters managed to leech $25,000 in total from Sue despite her diligence. Stock Image Credit: Pexels/Sora Shimazaki


On September 24, a fraudster created a bogus myGov account and linked it to her ATO account using her tax file number (TFN), her birthday, and another unspecified credential.

The fraudster then changed her personal details, and cut off her original myGov account. This action inevitably barred her from receiving any notice of changes to her ATO account as well as receiving an access code before logging in.

Sue claims the ATO representative who informed her of what happened told her ‘there are lots of fraudulent myGov accounts accessing tax files’.


According to the ABC, Services Australia confirmed that only an email address is required to create a myGov account. In addition, no proof of identity is needed and there is no limit to how many accounts can be opened.

Still, Sue was left questioning how anyone could have accessed her TFN — even with what she called ‘a gaping hole’ in opening a myGov account.

She is also a victim of the Optus data breach, but to the best of her knowledge TFNs were not among the information leaked in the cyber attack.

It was also revealed that in transferring money, fraudsters took out amounts small enough to evade attention while using multiple accounts as destinations.

The fraudsters changed her bank details in between transactions too as an added measure.


View attachment 10682
Sue can’t help but feel disappointed with proceedings on her case. Stock Image Credit: Pexels/cottonbro studio


But wouldn’t the rapid changes have been flagged at any point? Well, according to Sue, the ATO told her they didn’t see anything suspicious right up until she reported her situation.

They have since stepped up their detection measures and maintain that the measures in place are ‘robust’, but Sue can’t help but feel like the response she got was lacking and that the ATO should be more alarmed.

‘Most people aren't even going to look at their tax accounts until next July,’ Sue said.

‘If this is actually a whole lot of other people as well... they're never even going to know this is happening. This could be going on willy-nilly until (then). ‘

‘It could be millions of dollars, or even worse. As taxpayers, we're all going to end up wearing that.’

Be sure to check your ATO accounts, members!
Key Takeaways

  • Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report.
  • A woman named Sue (not her real name) found that about $25,000 was funneled from her account without her knowledge while on a routine procedure with her accountant.
  • Following the account breach, Sue was forced to go through the arduous process of reporting it to authorities and waiting for weeks to get a response as to what happened .
  • ABC found alarmingly few restrictions around creating bogus myGov accounts.
  • This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
In related news, Aussies are also being warned of a scam text targeting myGov users that can trick people out of their sensitive information.

Be sure to check out stories at our Scam Watch forum to be updated on the latest ways these nasty buggers want to swindle our hard-earned money.

So, what is your reaction to Sue’s story?

Tell us below!
I think there are several scams out there doing that. I was asked online to provide my Mygov login details so that the person could do a tax return. This rang warning ⚠️ bells 🔔 immediately and I stated (which was true) I do not do a tax return on line for this reason.
 
  • Like
Reactions: Ricci
I agree it is not making a lot of sense!

You would seriously believe that there were more safety measures that would be put in place for consumers of data sensitive material especially these days! Surely it ought to be a key responsibility of these organisations to ensure adequate safety measures ?!
I agree, after all, we've all seen or heard stories of people - on low income - who have "owed" money to the ATO or Centrelink who've been chased down by these two corporations ruthlessly wanting their blood.
 
  • Like
Reactions: Thecla and Ricci

Join the conversation

News, deals, games, and bargains for Aussies over 60. From everyday expenses like groceries and eating out, to electronics, fashion and travel, the club is all about helping you make your money go further.
  • We believe that retirement should be a time to relax and enjoy life, not worry about money. That's why we're here to help our members make the most of their retirement years. If you're over 60 and looking for ways to save money, connect with others, and have a laugh, we’d love to have you aboard.
  • Advertise with us

User Menu

Enjoyed Reading our Story?

  • Share this forum to your loved ones.
Change Weather Postcode×
Change Petrol Postcode×