Hi everyone - have you come across any tax scams this year?
This type of fraud often involves scammers posing as the ATO and trying to get your money or personal information by claiming you owe a debt or are in line for a refund, or even just by asking you to update your details with them.
I want to uncover some of the latest varieties going around, so am keen to know what suspicious tax time communications you’ve been receiving. Thanks!
You mean other than from the ATO itself? 
I had the ATO contact me in a way that was indistinguishable from a scam. I rang the ATO on a pre-existing number (necessary to investigate legitimacy). I complained about the contact but they didn’t understand what I was on about and have not responded to my formal complaint.
With an ATO like this, who needs scammers?
While not directly ATO per say, it is similar in that it is attempting to gain access credentials for mygov. The scam email received today is
Also not ATO but always good for a laugh …
I have deposited the check of the whole of $1.450,000Million USD as we agreed with western union. All you have to do now is to contact the western union at: [ westernunion@example.com ] they will give you direction on how you will be receiving the funds daily. My agreement with them is 5,000 USD daily until the whole of $1.450,000 Million USD is fully transferred to you. Send him your information such as
1,Receiver name and address…
3,Country…
2,phone number…
Email them with the above address: westernunion@example.com, the contact person is Ms.LORA ELIAS, The only money to pay for the transfer is just 71 usd for renewal of transfer fund file.
Their phone number; +example
Thank you.
Dr. Susan Mensah Mensah
(I’ve replaced email addresses and phone number with ‘example’.)
This is a classic Nigerian 419 scam.
I receive essentially zero spam/scam emails because I run my own mail server and hence am able to configure so as to bias spam detection in favour of “false positives”. So nothing bad “ever” gets through - at a cost of more emails going into the spambox, which I then have to review frequently, just to run through quickly and assess. (So I fished the above text out of the spambox.)
The advantage of this more aggressive approach is that if the email contains a 0-day exploit then the email never even gets stored on the mail server or, failing that, certainly never even reaches the mail client. Plus I just like to p*** off the spammers by rejecting (bouncing) their email up front. 
I expect you wanted an actual example received by a forum participant but the following article at least shows that such scams are around: How scammers use phishing attacks to 'socially engineer' their way into your savings - ABC News (you need to scroll down a fair way to get to the example that is from the “ATO”)
Note that the caption on the image in the article says that the source is Scamwatch (if you want to follow up).
I am that person!
Received a few minutes ago, from: myatogovv@gmail.com
You have a new message in your myGov inbox.
You have receive your 2021, 2022 tax update, verify your claims via myGov link: at0assistg0v.cc to view.
Regards, myGov team.
Do not reply to this email.
Easy to spot this one. AFAIK myGov only says to go the website to check the inbox messages, it has never given me a link and I would not click on it anyway.
And so far it hasn’t given any details of what the message is about, I would be suspicious if it did.
These are two sides of the same coin but it actually does mean that you have less (no) information to go on when deciding whether a putative message from the ATO is legit.
Traditional security advice would be that an email that is not personally addressed (e.g. Dear Customer) is more likely to be dodgy than one addressed to you by name. With the tsunami of data breaches, being able to provide the correct name is becoming less of an achievement and hence less of an indicator. So an organisation might have to provide further detail in order to look legit.
The ATO intentionally makes the notification as bland as possible but …
Of course you are correct about the presence or absence of a link.
Here is an actual legit ATO email message. Astonishingly bland. I understand the reasons but …
You have a new message in your myGov Inbox.
Regards, myGov team
Do not reply to this email.
I understand what you mean @person, but frankly that’s all I ask from any emails from government, bank, etc.
I always avoid using my own judgment if it’s genuine or not: I just go to myGov ( there’s plenty of security steps before I’m given access, including sending a code to my mobile) and check my mailbox. And the same for any message from my bank… Using my own judgment on whether it’s genuine or not and possibly making a mistake is what scammers wish me to do. I enjoy disappointing them 
The problem for me is that not all messages from the ATO are created equal. There are routine messages that can safely be ignored or at least left for some weeks before dealing with - and there are non-routine messages that may require more urgent attention.
With the current approach you more or less have to respond instantly to each such email by logging in to myGov. That is not how I want to live my life. There would be few people on the planet who, on their deathbed, will suggest that they wished they had spent more time reading messages on the myGov web site.
I believe (on not much evidence) that the ATO makes it bland because the channel is insecure. They would not want to provide any detail over an insecure channel. While that is a sound practice, it is also unhelpful.
I would not object if the ATO provided just a few words that provide a clue as to the nature of the message that will be found in the myGov Inbox.
I might be corrected but the message about an inbox is generated by mygov, not the ATO or whichever agency sent an email (to you via mygov).
Yes, I think you are right.
From my perspective, it’s all “gov” and not my problem how they organise themselves internally.
I think there’s some internal communication going on: got a message just recently asking me to register as an organ donor. It coincides with the fact that I have undergone some serious medical tests recently. Luckily I’m not superstitious.
An article about this ongoing problem: Tax return scams involving myGov are on the rise — here's what the ATO says to watch out for - ABC News
There’s not much new in that article but one detail worth bringing out is:
The woman had disposed of her old mobile phone at a recycling facility but had forgotten to do a factory reset
With the proliferation of 2FA that is based around your mobile phone it is even more important these days to dispose of an old mobile phone carefully i.e. remove SIM and erase all data.
On a current iPhone that’s: Settings / General / Transfer or Reset iPhone / Erase All Content and Settings
Needless to say, don’t do this unless you are actually ready to erase all data e.g. have transfered all content and settings automatically to the new phone.
