Money never sleeps, as the old quote goes, but it could apply equally well to scammers. As most people have let their guard down and are still recovering from their holiday excesses, scammers are positioning themselves to strike at this particularly vulnerable time. Among the usual parade of swindles, the government has warned of a particularly insidious new ATO impersonation scam on social media.
The scammers do plenty of leg work by first scouting out public conversations on social media platforms such as Twitter or Facebook where taxpayers ask questions or make complaints about the ATO. The fraudsters then hijack the conversation using a fake ATO profile, then by contacting the taxpayer directly with an offer to help resolve the complaint or follow-up on a comment. After the taxpayer takes the bait, the scammers will usually ask the victim to click on a link or provide their personal details in the guise of solving or following-up the original complaint.
This impersonation scam has caught plenty of people off-guard, as responding to public complaints offering resolution has long been in the PR playbook of many companies – both large and small – as well as some government departments and agencies. Taxpayers that have been duped by the scam usually won’t know that anything has gone wrong until much later when the stolen personal information is used for nefarious purposes. “The ATO is working with social media platforms and other government agencies to help remove these damaging interactions.
The best defence against such scams is community awareness.” – The Hon Stephen Jones MP, Assistant Treasurer and Minister for Financial Services In the meantime, the ATO provides some tips on how to stay one step ahead of the scammers. It states that it will never send taxpayers a link in an email or a text to log into online services, MyGov, or for taxpayers to fill their personal details (including their TFN). The ATO also says it will never ask for a taxpayer’s personal identifying information such as their TFN or bank account details on social media.
For interactions on social media, taxpayers are encouraged to look for verified accounts on Facebook and Twitter, and a high follower count on LinkedIn. Anyone purporting to be from the ATO but asking for payments through unusual methods such as gift cards, crypto assets or cardless cash, and/or resorts to threats of immediate arrest if payments are not made, is a fraudster and should be ignored and reported to the appropriate authorities if possible (ie Scamwatch or the ATO).
Young jobseekers are also being increasing targeted at this time of the year, with scammers pretending to be hiring on behalf of high-profile companies and online shopping platforms, as well as impersonating well-known recruitment agencies to obtain personal information and/or swindle jobseekers out of large payments with promises of guaranteed income. It is not just individuals that scammers are targeting. Those with small businesses should also be aware of continuing business email compromise scams, where scammers pose as legitimate businesses and request small businesses change the legitimate payment details for invoices, wages or deposits to one that is controlled by the scammer.
In some cases, the email may come from hacked email accounts of the legitimate business, and in some other cases scammers may register domain names that are very similar to legitimate companies.