Australians targeted by fake myGov tax refund emails

Cyber criminals are taking advantage of tax time to trick Australians into sharing their personal details online.

“It’s tax time and the common scam email informing that you’re eligible for a tax refund is doing the rounds again!” a high-alert warning from Stay Smart Online said.

The phishing email has the subject line ‘Important information regarding your account’, contains the myGov logo and claims to be from the myGov team, but is designed to steal personal and financial information.

It asks Australians to click a link to claim a refund. This link opens a fake tax refund claim form in your browser and asks for:

  • Email address;
  • Password;
  • Date of birth;
  • Postcode; and
  • Credit/debit card details.

Stay Smart Online is urging anyone who has received this email, or one like it, not to click any links or open any attachments.

It also reminded people that “the ATO and myGov will NEVER send an email or SMS asking you to click on a link and provide login, personal or financial information, download a file or open an attachment”.

How to spot a phishing email

Tax refund emails are becoming a common form of phishing email – not just in Australia, but across the globe – and more and more people are being caught out.

Phishing attacks are also becoming more sophisticated, and the lack of basic knowledge about them only increases their chance of success.

There are a few things you can look out for to spot a phishing email:

  • Check the email address: Even if the ‘from’ name seems legitimate, the email address used may be unfamiliar.
  • Check for spelling or grammar errors: Phishing emails are often badly written.
  • Check for links or attachments to unrecognised sites: Often the phishing email will use a button or a disguised hyperlink to make it appear valid. However, if you hover over the URL you will see the actual hyperlinked address, and it could be slightly misspelled or different to what you were expecting. Always double-check before you click.
  • Does it seem too good to be true? Unfortunately, it probably is. If you receive an email containing big promises from an unknown sender, it’s likely to be a phishing email.

Don’t fall victim – train your employees

Organisations should train their employees to spot potential phishing attacks.

IT Governance’s Phishing Staff Awareness Course uses real-life examples and practical tips to help employees become an active part of their company’s cyber security strategy.

The courses can be deployed for existing employees, and as part of an induction process for new starters, to teach the importance of being alert, vigilant and secure.
