IFAC accelerates engagement on anti-corruption and anti-money...
As evolving threats such as climate change, artificial intelligence, and geopolitical conflicts put increasing...
READ MORE
More than half a billion dollars has been fraudulently claimed via false Business Activity Statements and tax refund claims between July 2021 and February 2023.
Fraudsters exploited a weakness in the identification system used by the myGov online portal to create fake myGov accounts, linking them to genuine taxpayers’ ATO accounts and redirecting tax refunds and other claims to their own bank accounts.
Most of the payments were for amounts less than $5,000, and were not flagged by ATO monitoring systems.
The cybercriminals create a fake myGov account using stolen documents, link it to someone’s ATO account and disconnect the ATO account from the real myGov account before lodging the fraudulent claims. This prevents the legitimate account holder from viewing any refund assessment notices.
If a client has been affected by a cyber breach, they may carry increased risk for being scammed in the future. Clients can take the following steps to safeguard their accounts:
There are steps that the government can take to prevent future instances of fraud, but it has to balance keeping the system accessible for taxpayers with preventing access to scammers.
ATO second commissioner Jeremy Hirschhorn told the ABC that the office is managing an acceptable level of risk, which provides little comfort to those affected by these scams. Arguably, if this level of risk is acceptable the ATO has a greater appetite for it than Terry Benedict from Ocean’s Eleven, because Danny Ocean only walked away with a third of the ATO haul.
However, Hirschhorn added that his office will be more focused on overlinking – the often-legitimate practice of linking a new myGov account to an existing ATO account.
Verifying bank account detail changes with individuals through alternative channels could also mitigate fraud risk.. Hirschhorn has warned that increasing the monitoring of overlinking will also raise red flags when users alter bank details multiple times, alter contact details, or spontaneously submit several adjustments.
If fraud is suspected, the first thing to do is contact the ATO. Freeze the account to halt further activity, regain control, and check whether other accounts have been compromised.
CEO of Tailored Accounts Harry Hoang MIPA AFA is a former IPA ACT Member of the Year and former IPA ACT Practice of the Year.