Story image

ATO scammers steal $50k's worth of cryptocurrency from Australian taxpayers

19 Mar 18

Australians should be wary of emails or phone calls appearing to be from the Australian Tax Office (ATO) that demand cryptocurrency payments for fake tax debts.

According to recent reports to the ATO, Australians have lost more than $50,000 worth of Bitcoin to the scams in late 2017.

According to Stay Smart Online, anyone can be targeted by the scam.

“Cryptocurrency operates in a virtual world, and once the scammers receive payment, it’s virtually impossible to get it back,” comments ATO Assistant Commissioner Kath Anderson.

While scammers may be adopting cryptocurrencies as a way of getting money, Anderson says the popularity and anonymity that cryptocurrencies provide make it an attractive method for scammers.

“Scammers are constantly adapting their methods to maximise their chances of picking your pocket.”

ATO says taxpayers should be vigilant for other versions of the fake tax scam.

Other versions include asking for direct deposits into third-party bank accounts, demanding payment via iTunes cards or with pre-paid Visa cards.

Third-party bank account payments account for more than half of all losses from scams – equating to approximately $1.2 million in lost funds last year.

“In 2017, the ATO received over 80,000 reports of scams, with taxpayers reporting almost $2.4 million lost to scammers claiming to be from the ATO,” comments Anderson.

“Over $900,000 worth of iTunes gift cards were reportedly paid to scammers – by almost one third of all victims. We are hoping that the new warnings Apple is including on their gift cards will help people realise the ATO doesn’t accept payment in iTunes cards.”

Anderson also says the ATO is concerned some taxpayers may be tricked into sharing personal information such as their Tax File Number.

 “If you receive a phone call out of the blue, threatening police or legal action if you don’t pay a debt, or the person calling you is rude and aggressive, hang up, it won’t be the ATO. Any call-back number provided should be checked via an independent internet search to ensure you are calling the ATO.”

"If you have received an unexpected email or threatening phone call that claims to be from the ATO and demands payment via Bitcoin or cryptocurrency, iTunes cards, or pre-paid Visa gift cards, don’t make the payment,” Stay Smart Online says in a statement.

Stay Smart Online offers the following tips for staying safe.

  • Keep your personal information such as your Tax File Number and birth certificate secure and safe. Don’t carry them around in a wallet or handbag or saved on a phone.
  • Be suspicious of any unexpected emails or threatening phone calls that claim to be from the ATO.
  • Check that a payment method is legitimate before making a payment.
  • Don’t overshare on social media and check the privacy settings on your online accounts.

“Remember, your personal information is like the keys to your identity – guard it carefully. And if you think you’ve been scammed or would like to confirm the legitimacy of an ATO call or letter, phone us on 1800 008 540,” Anderson concludes.

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Ransomware infection? Here’s how you control the damage
Ransomware has evolved to be more sophisticated and targeted, and remains a threat to businesses of all sizes.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.
Don’t let your network outgrow your IT team
"IT professionals spend less than half of their time at work optimising their networks and beefing it up against future security threats."