Finance professionals are often the target of scams but they can do a lot to stop online scammers. Here’s how to avoid being the victim of a tax scam.
Fraud attempts are as old as commerce, but the number and variety have shown a marked increase in the past year in Australia, and the trend shows no sign of easing. According to figures from Scamwatch (part of the Australian Competition and Consumer Commission), Australians lost more than A$10 million in 2018 due to online scams.
A major growth area is the so-called “impersonation scam”, where scammers pretend to be a representative of a government agency, often the Australian Taxation Office (ATO).
ATO assistant commissioner Karen Foat notes that in 2018 there were 114,625 ATO-impersonation scam reports, and 843 taxpayers paid A$2,844,092 to scammers – a significant increase over previous years.
“Even these figures are not indicative of the true volume of scam calls impacting the Australian community,” says Foat. “Some people might not report being contacted by scammers and some may not realise that the contact was a scam.”
Watch out for potential scams targeting ASIC customers
Tax scam software
The scammers frequently use software to project a legitimate phone number on caller ID to disguise the caller’s identity, or initiate a three-way telephone conversation between the scammer, the victim and another scammer who claims to work in the same office as the victim’s tax agent.
The ATO is currently aware of a large-scale telephone campaign whereby scammers tell the target that they are in breach of the tax law, that a warrant is outstanding for their immediate arrest, and that an urgent payment must be made.
“We are also seeing the emergence of a new tactic, where scammers are spoofing an ATO number to send fraudulent SMS messages to taxpayers,” says Foat.
“The scammer tells the victim they are due for a tax refund, and asks them to click on a link and supply their personal details in order to receive it. This scam is not just targeting your money but is trying to steal your identity.”
New targets for scams
Tax agents and other financial service providers have also been targets for scams and cyber incidents (such as malware and phishing) due to the large amount of personal and financial information they hold.
The Tax Practitioners Board (TPB) recently warned of a scam involving a fake telephone call from scammers using technology that impersonates a legitimate TPB telephone number.
Scammers impersonate ATO phone numbers
In some cases, the scammers asked for, or demanded, credit card payment over the phone – something which, the TPB warning emphasises, flags the call as a scam.
The ATO has also had to contend with scammers impersonating registered tax agents, as a way to lend credibility to the scam. Registered tax agents and other finance professionals should make a point of informing their clients of these scams and should provide advice on appropriate responses and reporting.
Online behaviour change is needed
Damien Manuel, director of the Centre for Cyber Security Solutions at Deakin University, explains that scammers are often very good at psychological manipulation.
“Some work to build rapport and others will use fear to create a sense of urgency that tricks people into making irrational decisions,” he says.
“Simply being aware that scams are out there is not enough. We also need to change our behaviour online.”
He believes that humans are naturally inquisitive but emphasises that curiosity should not extend to responding to an SMS from an unknown source, clicking on an uninvited email message, or believing everything a stranger says.
This applies even if the stranger appears to be offering money, a prize, a free upgrade, or delivery of goods you do not recall ordering.
“The more sophisticated players will use data they have collected from other data breaches to tailor the message to the potential victim,” Manuel says.
“This might include using full names, providing addresses or even in some cases telling you what your passwords are. These are used to add legitimacy to the email or phone call.”
However, there is a recurring weakness in scams: the payment method. Scammers will often demand payment through a credit card, pre-paid deposit card, gift card, a cryptocurrency, or to a private bank account.
Manuel’s advice is to remain wary, always be willing to double-check, and report anything that sounds even slightly off-key.
Foat takes the view that one of the best defences is a good knowledge of your own financial position, including your tax status, so that threats or promises do not ring true.
“Scammers constantly adapt their scams to capitalise on new technology or breaking news,” she says.
“Anyone can become a victim, regardless of age, gender or education level. But finance professionals can do a lot to help their clients, through warnings and appropriate advice.
Everyone is a target but not everyone needs to be a victim.”
Numbers game: SIM swaps
The Telecommunications Industry Ombudsman (TIO), Judi Jones, has issued a warning about a fraud known as “SIM swaps”, which involves the theft of mobile phone numbers.
In the scam, a fraudster convinces a victim’s service provider to switch the number to a new SIM card in the fraudster’s possession. The scammer can then use it to access the victim’s bank account, emails and other online information. Some consumers have reported losing thousands of dollars.
Jones has noted that many service providers previously had a low bar for identity verification. Since the TIO drew attention to this issue, most providers have introduced new security procedures, including two-factor authentication.
“We welcome the industry’s continued work towards robust identity verification procedures. It is important to ensure these procedures keep up with evolving risks,” says Jones.
The TIO has also issued a guidance note.
Further information on scams and how to report them:
6 tips to foil a whaling scam