The Australian Taxation Office (ATO) has issued a stark warning to the public after hackers infiltrated several taxpayers’ myGov accounts and lodged fraudulent tax returns, stealing thousands of dollars in the process.
The scam, which has reportedly cost one Perth woman $14,000, has exposed vulnerabilities linked not to ATO’s own systems, but to compromised personal information. The ATO insists that its systems remain “secure, resilient and have not been compromised.” Instead, the breaches appear to stem from identity theft and phishing attacks, allowing fraudsters to gain access to taxpayer logins.
In one alarming case, Perth resident Kate Quinn discovered earlier this year that cybercriminals had submitted a fake tax return in her name, redirecting her refund to a different bank account. She is among a growing number of Australians who say they have fallen victim to this sophisticated scam.
The ATO has not released the total number of affected users or the total amount lost and recovered, nor has it confirmed whether any suspects have been arrested. However, it is urging all Australians to remain vigilant and take immediate steps to protect their identities online.
A spokesperson from the ATO reassured the public:
“The safety of taxpayers’ information is of the utmost importance to us. We remain vigilant to new and emerging cyber threats and have stringent security measures in place for any suspected cases of identity compromise.”
The ATO is recommending Australians upgrade their digital security by using myGovID, a more secure method of logging in that makes it harder for fraudsters to access accounts. The office also warned the public to be wary of unsolicited contacts, suspicious emails, and fake websites.
According to the ATO, identity details are often stolen through:
Phishing emails
Fake websites posing as government or financial institutions
Data breaches from other organisations
Compromised devices or home networks
Once hackers gain access to a victim’s myGov account, they can lodge tax returns and redirect refunds into accounts they control. This process often happens before the legitimate taxpayer or their accountant even knows anything is wrong.
To protect your identity and finances, the ATO recommends:
Enabling multi-factor authentication
Regularly updating passwords
Monitoring your myGov and bank accounts for unusual activity
Using myGovID instead of just username and password
Reporting any suspicious activity immediately to the ATO
