Skip to main content

Tips to stay secure online at tax time

Tax time is a prime time for cybercriminals trying to get their hands on your money and personal details! Whether you’re a business owner, tax professional or individual, there are some simple things you can do to apply good cyber security practices and avoid tax time scams.

Most people expect some form of interaction with the Australian Taxation Office (ATO) during tax time, and scammers take advantage of this by pretending to be tax agents, law enforcement officers, the ATO and myGov to try to steal personal and financial information from unsuspecting people.

Your personal information is valuable so stop and think before sharing it with anyone, no matter how convincing the person or message may sound!

Here are our top 10 tips to help you stay one step ahead and keep safe online this tax time:

  1. Always log into myGov to check your tax messages
  • Impersonating trusted brands like the ATO or myGov is a common trick used by scammers, particularly to try and threaten people to pay fake tax debts or hand over personal details to receive a 'refund'.
  • Avoid falling victim by always logging into your official myGov account to check your tax, lodge your return, and verify if you owe a debt or are due a refund. You should do this by manually typing into your internet browser and not by clicking any links in emails or text messages, as these could be malicious links.
  • You can also check the status of your tax affairs at any time by calling the ATO on 13 28 61 or contacting your tax agent.
  1. Turn on the security code in your myGov account
  • Having a strong password on your myGov account is a great first step, but adding a security code to your login process provides an extra layer of protection – making it harder for a hacker to get any further if they crack your password.
  • The security code is a number that is sent to your mobile phone when signing into myGov and is a quick and secure way to access ATO online services.
  • To set up your security code, sign in to your myGov account and turn it on in 'Account settings'.
  1. Keep your personal information private
  • The ATO will never ask you to provide any personal identifying information in order to receive a refund.
  • Don’t give out your Tax File Number (TFN), date of birth or bank details unless you’ve checked the person you’re dealing with is who they say they are and they genuinely require these details.
  1. Think before you click
  • The ATO will never send you an email or text message with a hyperlink directing you to a log-on page for their online services.
  • You can always verify the identity of the person you’re dealing with through an independent source, such as a phone book or online search. Don't ever use the contact details provided by the caller or in the message they sent to you.
  1. Never pay tax by iTunes cards, gift cards or Bitcoin
  • The ATO will never ask you to pay your tax debt into a non-ATO bank account, via iTunes, Google Play or other pre-paid cards or with cryptocurrencies like Bitcoin.
  • Visit Australian Taxation Office for advice on correct payment options for paying tax debts.
  1. Be smart with social media
  • We’re so used to sharing our personal information online that we don’t really think who might see it. Be aware of what you share online and across social media, as this can be used by scammers when they contact you to make their approach seem more believable. They can also piece together personal details you reveal online to try and crack your passwords on important accounts, like your myGov account.
  • Change the privacy settings on your social media accounts so only friends can see your details.
  • Don’t share your Tax File Number (TFN) on social media.
  1. Stay safe when using Wi-Fi
  • Be careful about what you do online when you’re connected to a hotspot or free public Wi-Fi. While it’s OK to check the news or the weather, don’t make financial transactions like completing your tax return when you’re connected to public Wi-Fi. These networks are not secure so it’s easier for cybercriminals to intercept your information.
  • When doing tax time transactions from home or your business, ensure that your private Wi-Fi network is secure with a strong password.
  1. Keep your devices up-to-date
  • When you’re alerted to a security update for your operating system or one of your apps, don’t ignore it — install it as soon as possible. These updates aren’t just about adding new features. They’re also about fixing weaknesses that cybercriminals use to gain access to your device.
  • You should also run regular anti-virus scans to help you detect and remove malware (viruses) from your device.
  • It’s good practice to remove any apps you don’t use any more to ensure your personal info isn’t being accessed by companies you don’t deal with any more.
  1. Keep your business info safe at tax time
  • Cybercriminals can use information such as your AUSkey to commit tax fraud in your name. Beware of anyone asking you to 'confirm' your details and don’t share your details unless you’ve checked the person you are dealing with is who they say they are.
  • Business owners and tax professionals who have experienced a data breach or a breach of client records (e.g. loss of or unauthorised access of sensitive personal details) should report it to the ATO so protective measures can be placed on client accounts.
  1. Help others be cyber safe!
  • Share ATO and ACSC scam warnings with family, friends, customers and colleagues to help keep them safe online.
  • Report suspicious emails claiming to be from the ATO by forwarding the entire email to and then delete the email. Do not click on any links, open attachments or download files.
  • You can also report cyber security incidents to ReportCyber.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it