In the last 6 months we have had 2 major scams that have caused absolute mayhem.
One was at first thought stupid – but it is easy to do, and we have all been enticed at some point. The second one – a totally innocent business literally stops trading because of a scam and the ATO’s lack of help.
Let’s start with the first.
Our client received a text message. As we had just completed and lodged their return, they thought it genuine. It appeared to come from the ATO. On clicking the link, it took them to a myGov login page which again looked genuine. They logged in and, without realising it, had totally compromised their ID.
The scammer then logged onto the original myGov account, amended the bank account details, and amended the 2021 tax returns so that it created a $12,000 tax refund. What’s worse is they now have everything about our client:
- Full names, DOB, Address
- Medicare Number, Bank Details
- Most importantly Tax File Number
We have had to advise our client to:
- Change bank accounts
- Get new Medicare card numbers.
- Cancel all credit cards
- Take up a subscription with a company to monitor his credit rating.
- If he has used the password on multiple accounts, change all of them
It is likely that in the next few months the scammer will take out large financing loans which will never be repaid. And rarely will the ATO change Tax File Numbers, which means that for the rest of their life, if our client wants to log into any government services, they will have to call first. A real pain.
The second scam. Well, that related to me. I am a director of a company totally unrelated to accountancy. In February my team tried to lodge a BAS for the December quarter only to notice that one had already been lodged with a refund amount of $16,000. This company had never had a refund before, but before we could inform the ATO their fraud section closed the account and, in addition, cancelled the company’s GST. It got worse because they changed the bank account details for the refund.
On investigation it appeared another tax agent had been appointed and they submitted the BAS. We managed to find out who the new agent was (who had never been appointed) and contacted them. They told us they had been approached by the director and completed all ID checks. Here is the freaky bit. They supplied me with CBA bank account statements for the company (but with different BSB and account numbers) AND a copy of my driving licence with my full name and address, but a different photo and a different licence number. These were all fake.
The new accountant got in touch with the ATO to let them know this was a scam and so did I. On informing the ATO? Er…. they did nothing.
It meant the company could not really trade without GST registration.
In this case I did not do anything. I just happened to be unlucky to be targeted. But I was lucky in that they picked a company which I do not depend upon.
So we have had to object to the deregistration of GST and 6 months later the ATO still has not moved. They will not even respond to queries, emails or letters. And there is nothing I can do. And I am a Tax Agent! The ATO’s view is to follow the objection procedure, which is a lengthy process. In the meantime, the company is in limbo.
The above just shows that innocent errors, and sometimes no errors, can put you or your business in jeopardy. This is what you should always do:
- Ensure you have 2 factor ID for all logins. Most businesses, including WOW! Advisors, will give you the option to use 2 Factor ID to log in to portals etc. This means even if a scammer gets your username and password they still need your phone to confirm a code, which they will not have.
Yes, it’s a pain but it could save you hours in time, not to mention the stress going forward.
- Be careful – very careful – of any text messages or emails you get from anyone asking you to log in. If in doubt, do not use the link but log in independently or call the organisation concerned.
- We recommend you use a password management system which stores all your passwords. No two passwords should be the same, and each should use a mix of letters, symbols and numbers. We use LastPass, which is free for a simple account.