As the financial year draws to a close, Consumer Protection is urging Western Australians to be extra vigilant against tax scams, which become more common around this time.
So far this financial year (1 July 2024 to 23 June 2025), Consumer Protection’s WA ScamNet team has received 34 reports of tax-related scams, with seven victims losing a total of $48,201.
This compares with $26,627 lost by five victims in 2023-24.
Beyond the financial loss, victims risk losing personal information, including identification documents, which can be misused for identity theft.
Most victims reported to WA ScamNet that their myGov or Australian Tax Office (ATO) accounts had been hacked, leading to fraudulent tax returns being submitted in their name and bank details altered to redirect payments to the scammer.
Tax scammers may compromise victims’ accounts in a number of ways, including direct hacking where login details, possibly obtained in third-party data breaches, are exploited.
Consumers can help protect themselves by regularly changing their strong passwords and switching on Multi-Factor Authentication (MFA), which requires a second verification step, such as a code sent to their phone, in addition to their password.
In phishing emails and text messages, victims may be lured by phrases such as ‘You are due to receive an ATO Direct refund’ or ‘You have a new message in your myGov inbox – click here to view’ to click through to fraudulent myGov or ATO login pages designed to steal their login credentials.
Unsolicited calls, including robocalls or individuals impersonating ATO officials, are another way tax scammers may strike. These callers demand urgent payment of a tax debt or claim they need to ‘correct’ personal information to process a tax refund.
Commissioner for Consumer Protection Trish Blake urged Western Australians to ‘practice the pause’ when unexpectedly contacted about tax returns and to enhance their cyber protection.
“In today’s digital landscape, relying on the same password across your various platforms is too risky,” Ms Blake said.
“Regularly changing strong passwords and enabling Multi-Factor Authentication creates a crucial second barrier, making it exponentially harder for hackers and scammers to gain unauthorised access to your accounts, even if they manage to compromise your password.
“Remember, myGov will never use email, text message, or direct message on social media, to ask you to click on a link to sign in, enter bank details, provide identity documents or provide other personal details. Any such request is a scam.
“As of last year, the ATO stopped including hyperlinks in the SMS messages. They also never use pre-recorded messages, will never threaten immediate arrest, nor demand payment through unusual means like gift cards or cryptocurrency.”
Advice to avoid falling victim:
Direct hacking
Change passwords regularly, electing to use the ‘strong password’ option where possible
Enable a passkey, such as your phone’s fingerprint or face scan, on your device
Change your myGov username settings to sign in using your myGov username, not your email address or mobile number
Set up Multi-Factor Authentication, such as getting security codes sent via SMS or via the myGov Code Generator app
Regularly monitor your online accounts for unusual activity
If you notice suspicious activity, contact Services Australia’s scam and identity theft helpline on 1800 941 126 immediately.
Phishing emails
Don’t open or click on links in suspicious or unsolicited emails (spam) or text messages – delete them
Be aware that myGov emails should always be from ‘noreply@my.gov.au’
Never share your myGov sign-in details, including password and PIN, with anyone
Remember that myGov will never send you a text, email or attachment with hyperlinks or web addresses.
Phone scams
Confirm the caller’s name, title and why they are calling.
Call the ATO on 1800 008 540 to verify the ATO contact or log in to your myGov account to check your tax affairs.
Never send money or give financial/personal details to someone you don’t know or trust.
If you have provided your financial information, contact your financial provider immediately.
For further information or to report a scam, go to the WA ScamNet website www.scamnet.wa.gov.au or call 1300 30 40 54. If you have handed over personal information, immediately contact IDCARE at www.idcare.org.
Services Australia has further information about how to protect against scams and identity theft, including setting up verbal passwords, Multi-Factor authentication, and passkeys: www.servicesaustralia.gov.au/how-to-protect-against-scams-and-identity-theft
