It’s coming up to the end of the financial year here in Australia and everyone seems to be on the lookout for bargains and preparing to fill in their tax returns, especially online. But remember that cybercriminals are also on the lookout – hoping to trick unsuspecting web users into handing over their credit card and personal details.
All it takes is one little mistake, so let’s take a minute to look at the main online risks and some simple steps on how to protect yourself.
Tax time is always a crazy period when it comes to money. With the end of the financial year on 30 June, punters are shopping around for some tax write-off gear to balance the books and retailers are only too happy to oblige with sales, discounts, and other promotions both online and off.
Yet we’re all getting busier nowadays so the web offers a great alternative to traditional shopping, as well as providing more efficient ways for us to consume government services. No one likes taxes, but at least with “e-tax” the Oz government is taking as much of the pain as possible out of the process. In 2011, over 2.6 million Australians filed their returns this way and the number is growing year-on-year.
It’s no surprise then that cybercriminals – always on the lookout for ways to make an easy buck – have been cashing in, too.
Phishing for taxes
The main way they have been scamming users when it comes to e-tax is via fake tax return pages. The scam usually begins with an email purporting to come from the tax office. It looks official: it is written in reasonably accurate, official-sounding English and stamped with what appear to be authentic logos, but of course they aren’t.
You will usually be asked to click on a link to reclaim a tax rebate, or perhaps even to settle an outstanding bill. You will be made to feel like this is your LAST chance to do so and that the request is URGENT – all ploys to trick you into clicking.
You will then be taken to a fake web page – again mocked-up to look like a genuine site belonging to the tax authorities – where you’ll be asked to fill in personal info, including credit card details, tax number, name, address, phone number, etc. All of these are then harvested by the bad guys and either sold on the online black market to other criminals or used to commit identity fraud and drain your bank account.
Tips for staying safe online
Make no mistake, the bad guys are getting more and more persistent and their efforts at creating fake emails and phishing websites are improving, but there are a few best practice tips that will help you stay safe online:
- Download the official e-tax software if you’re planning to fill in your returns online. This is where account details need to be updated – not via a link in a dodgy email.
- Always read the URL of a website before entering personal information. If it doesn’t look right, close the window and search for the site yourself online.
- Make sure you have up-to-date security software on your machine. This can block phishing emails before they even reach your inbox and alert you if you’re in danger of visiting a malicious website.
- Remember: The Australian Tax Office (ATO) will never send you an unprompted email, so ignore anything that comes into your inbox purporting to come from them – it WILL be a scam.
I work for Trend Micro and the opinions expressed here are my own.