As the 2013 financial year comes to a close, the joys of tax season kick off. And while you’re busy gathering documentation and filing your return, it’s pedal to the metal for scammers, phishers and criminals. As you scramble for receipts, they’re brushing off their fraud campaigns, keen to dupe you into handing over your identity and hard earned money.
It’s a lucrative and growing business. The Australian Taxation Office (ATO) received 26,000 reports of scam emails related to tax in 2012. In the first quarter of this year, the number was 11,000 — three times as many as this time last year.
Tax time is a profitable time for scammers – you might recall how last August around 70 million emails were pinged out purporting to be from the ATO and warning recipients of a problem with their tax return. Approximately 8000 people visited the phishing website.
This tax season, it pays to be vigilant. Whether you are going to do your taxes yourself or go to an accountant, file using e-tax or rely on Australia Post, below are some tips to keep you safe from unscrupulous scammers this year.
• Watch out for tax-related emails in your inbox or messages on social networking sites. The ATO will not email you or post on your Facebook wall. If you are getting messages via email, it’s most likely a phishing scam, no matter how authentic it may look. Just remember that no legitimate bank or tax preparation service would ask a user to enter sensitive information, such as bank account information or your Tax File Number (TFN), into a pop-up screen or ask for it over email. Delete the email or send it through to the ATO’s email fraud team.
• Don’t download documents sent to you via email, either. One click to open the file, and you may wind up with a really hard to remove malware on your computer. Even if you think it’s someone you trust, call them first and make sure they actually sent you that file or link.
• If you are looking for a specific form or information, don’t hit the search engines. Go to the ATO website and search there directly instead. Many criminals register addresses with similar names to legitimate sites to lure unsuspecting victims. Any file you get from these fake sites are likely to be malicious. The money you would hand over is nice but the big dollars are in stealing your identity.
• The next step is to make sure your tax preparer, whether it’s a company or an online service, is legitimate. The Australian Tax Practitioners Board can let you know if your tax agent is registered. You can also select the online service based on how secure they are, such as offering two-factor authentication and anti-malware services. Any preparation site you wind up using must use SSL encryption—you can check by making sure the address bar has HTTPS, and not the insecure HTTP. Some browsers may display a padlock icon instead. While going through the site, make sure the address stays the same—if it changes, you’ve likely been hijacked and your data is no longer safe.
• And of course, make sure the software running on your computer—the operating system, security software, Web browser, software applications—are all regularly updated and patched. Information-stealing malware crawl the hard drive looking for documents with sensitive information. As soon as you file your tax return, save it onto an external drive or burn it onto a DVD and store it offline in a secure location.
• Stay aware and scrutinise everything you do so that you don’t fall for one of those scams.
Scott McKinnel is the ANZ managing director for Internet security company Check Point Software Technologies – maker of ZoneAlarm antivirus and firewall products.