As the financial year draws to a close, Consumer Protection is urging Western Australians to be extra vigilant against tax scams, which become more common around this time.
- Tax time warning as scammers steal $48,000 in 2024-25 so far
- Scammers lodging fraudulent tax returns in victims' names
- Advice to change passwords regularly, switch on MFA, never share login details
As the financial year draws to a close, Consumer Protection is urging Western Australians to be extra vigilant against tax scams, which become more common around this time.
So far this financial year (1 July 2024 to 23 June 2025), Consumer Protection's WA ScamNet team has received 34 reports of tax-related scams, with seven victims losing a total of $48,201. This compares with $26,627 lost by five victims in 2023-24. Beyond the financial loss, victims risk losing personal information, including identification documents, which can be misused for identity theft.
Most victims reported to WA ScamNet that their myGov or Australian Tax Office (ATO) accounts had been hacked, leading to fraudulent tax returns being submitted in their name and bank details altered to redirect payments to the scammer.
Tax scammers may compromise victims' accounts in a number of ways, including direct hacking where login details, possibly obtained in third-party data breaches, are exploited.
Consumers can help protect themselves by regularly changing their strong passwords and switching on Multi-Factor Authentication (MFA), which requires a second verification step, such as a code sent to their phone, in addition to their password.
In phishing emails and text messages, victims may be lured by phrases such as 'You are due to receive an ATO Direct refund' or 'You have a new message in your myGov inbox - click here to view' to click through to fraudulent myGov or ATO login pages designed to steal their login credentials.
Unsolicited calls, including robocalls or individuals impersonating ATO officials, are another way tax scammers may strike. These callers demand urgent payment of a tax debt or claim they need to 'correct' personal information to process a tax refund.
Commissioner for Consumer Protection Trish Blake urged Western Australians to 'practice the pause' when unexpectedly contacted about tax returns and to enhance their cyber protection.
"In today's digital landscape, relying on the same password across your various platforms is too risky," Ms Blake said.
"Regularly changing strong passwords and enabling Multi-Factor Authentication creates a crucial second barrier, making it exponentially harder for hackers and scammers to gain unauthorised access to your accounts, even if they manage to compromise your password.
"Remember, myGov will never use email, text message, or direct message on social media, to ask you to click on a link to sign in, enter bank details, provide identity documents or provide other personal details. Any such request is a scam.
"As of last year, the ATO stopped including hyperlinks in the SMS messages. They also never use pre-recorded messages, will never threaten immediate arrest, nor demand payment through unusual means like gift cards or cryptocurrency."
Advice to avoid falling victim:
Direct hacking
- Change passwords regularly, electing to use the 'strong password' option where possible
- Enable a passkey, such as your phone's fingerprint or face scan, on your device
- Change your myGov username settings to sign in using your myGov username, not your email address or mobile number
- Set up Multi-Factor Authentication, such as getting security codes sent via SMS or via the myGov Code Generator app
- Regularly monitor your online accounts for unusual activity
Risk Warning: Cryptocurrency is a unregulated virtual notoriously volatile instrument with a high level of risk. Any news, opinions, research, data, or other information contained within this website is provided for news reporting purposes as general market commentary and does not constitute investment or trading advice.
