How to spot a fake ATO text

How to spot a fake ATO text

Seemingly legitimate texts from the Australian Taxation Office — which are actually part of a dangerous scam — have exposed the terrifying new tactics of grubs trying to get their hands on your money.

A concerned reader has shared text messages which show the worrying criminal enterprise works.

She was sent a real text message from the ATO in November, which reminded her to pay her income tax bill by the end of the month — with details about how to pay.

However, when she looked at her phone last week, she realised there was an official-looking text message from the exact same — official ATO — number.

“You are due to receive an ATO refund of $2675.51,” it reads. “Visit and logon with your phone number and ATO pin to claim.”

Following, the link the text directs recipients to website which promises them quick and easy cash.

“This new system of receiving your ATO refund payment is very straight forward,” the website reads. “It has been designed and personalised to prevent third-parties from claiming your refunds. You cannot assign another person or agency to claim on your behalf.”

However, an ATO spokeswoman told despite the fraudulent text and the legitimate one coming from the same number — the department has not been hacked.

Instead, she said the text shows how crafty scammers are constantly changing tactics and manipulating calling line identification (CLI) to make themselves seem like the real deal.

“We’ve seen instances where scammers maliciously manipulate the CLI so the phone number that appears is different to the number from which the call originated,” she said. “Malicious CLI overstamping allows a scammer to disguise their identity and location from the person being called or to make the number seem more familiar to the called party.”

The nefarious tactic is known as “spoofing” and the ATO says it is now a common scam technique used by scammers in an attempt to “legitimise their interaction with vulnerable community members”.

“The community should be aware that legitimate email domains and SMS origins can also be ‘spoofed’ by scammers,” the spokesman said. “Spoofing occurs on global telecommunications platforms and is therefore not an indicator of a compromise of the IT security controls within an organisation.”


While the ATO regularly contacts taxpayers by phone, email and SMS, there are some telltale signs that it isn’t the ATO. The ATO will not:

— send you an email or SMS asking you to click on a link to provide login, personal or financial information, or to download a file or open an attachment (as in the example provided)

— use aggressive or rude behaviour, or threaten you with arrest, jail or deportation;

request payment of a debt via iTunes or google play cards, prepaid visa cards, cryptocurrency or direct credit to a personal bank account; or

— request a fee in order to release a refund owed to you.

If you are in doubt about an interaction you have had with someone claiming to be from the ATO, or you think you have fallen victim to an ATO Impersonation scam, you can call the department to verify it on 1800 008 540 between 8am–6pm, Monday to Friday.

Source link