Tax time is like Christmas for hackers and scammers. It’s the time of year where people jump online and share critical identification information with the tax department that can be easily used for identity theft, and yet, according to Australian research from Norton LifeLock, while Australian workers are aware of the security risks they are often not particularly secure in their behaviour.
The research found 83 per cent of respondents agree cybercrime is a high priority issue in Australia, 78 per cent are worried about online identity theft, 58 per cent of respondents say they are more wary of cybercrime at tax time, and 56 per cent believe they are more susceptible to cybersecurity risks.
Yet fraud around tax is still a lucrative opportunity for scammers. Last year, Australians lost more than $2.8 million (AUD) in fake ATO scams. There was a 900 per cent surge in the number of calls pretending to be from the ATO, and aiming to trick people into sending money or sharing personal information online with the scammers. The most recent research into the number of tax file numbers (TFNs) being compromised is four years old and it found that more than 500 TFNs were stolen each day. Each of those victims was at serious risk of complete identity fraud. It is likely that has since risen as initiatives such as MyGov mean more Australians are lodging their tax returns online, where the data can be more easily compromised.
Concern for security not translating into secure behaviour
Despite the public’s concerns around security and reports of the extent of the damage being done, Norton LifeLock’s research suggests the success that scammers have at this time of year is due to people engaging in risky online behaviour. For example, the research found while 80 per cent of Australian workers believe it is safe to complete a tax return online, 36 per cent would also be happy to do so on a device that does not have cybersecurity software installed. In other words, there is a significant number of Australians submitting tax returns online without first checking the environment is secure.
Another indication of how blasé Australians can be about security best practices can be found in the number of Australians who share critical data over very public channels. One in five respondents have shared their tax file number through a personal email account, 18 per cent have used public Wi-Fi or a friend’s mobile hot spot to log into online banking, and 12 per cent have shared their tax return using public Wi-Fi or that friend’s mobile hot spot.
In each case, the report noted Gen Z and Millennials as the worst offending demographics for unsafe behaviour.
How to be secure through tax time
With the Australian government having moved its tax services online, there are several steps that every Australian should be taking to ensure their data remains secure through their interactions with the ATO.
- Having security software, and making sure its updated
Thousands of new security threats are created daily, which is why keeping security software updated is so critical. Through tax time, hackers will try and install keyloggers and other spyware in order to gain access to login details and/or critical pieces of data such as a tax file number. A properly updated solution such as Norton Security Premium provides the key frontline defence against this threat.
- Making heavy use of a reliable VPN
Not all VPNs are created equal, and a cheap or “free” one can even be less secure to use, but a premium VPN service from a trusted source (such as Norton Secure VPN) will provide an additional layer of protection by masking online interactions away from the base IP address of the Internet connection. This is particularly pertinent for those logging in at public spaces, such as Wi-Fi hotspots.
- Be vigilant, and know what steps you need to take next in the event that you are targeted
Finally, be vigilant, and actively aware that you will probably be targeted by a scam or hacking attempt through tax time. Be automatically suspicious of emails that arrive purporting to be from your bank or the ATO – carefully check the email address for something that doesn’t look official, scan the email for spelling errors, and look at the company details at the bottom of the email. If in doubt, contact the institution to verify the legitimacy of the email.
Additionally, be suspicious of any call that comes in from a “No Caller ID” number. Don’t share your name or any identifiable details until you’re satisfied with the legitimacy of the call.
Finally, follow the steps outlined by MoneySmart to report the attempted scam. If you’re in any way concerned that you have been compromised, immediately make a report to your bank and financial institutions, and consider putting a notice on your credit report. This website has the useful information and contact details that you need.
Hackers rely on people not being fully aware of security best practices – as the Norton LifeLock research shows, 42 per cent of Australians have been targeted by an impersonation of the Australian Taxation Office, and just one example of a scam last year led to 28,000 complaints to the Australian Tax Office. As such, it is vital that people – particularly those in the younger demographics – learn how to submit their tax returns safely and securely.
For more information from Norton, visit https://au.norton.com/internetsecurity-taxtime.