Most scams that you’ve come to recognise are generally via email, phone or text message asking for information about you, your bank account or credit card number or if they are feeling bold, money.

While you still need to stay vigilant with these types of scams, it’s equally important to be aware of the scams that are impersonating a trusted professional service provider or organisation. This guide aims to educate readers on potential deceitful communications and how to navigate them properly.

General Tax Scams from the ATO

Before we jump into typical scams that could come from a professional service provider (like your accountant or financial planner), we thought we’d quickly summarise common tax scams that involve the ATO.

Generally, a scammer will pretend to be the ATO and will tell you that you can expect payment from them in the form of a refund or bonus on your tax return, JobKeeper payment or super payment.

The ATO have made it clear that they will never:

  1. Send you an email or text message asking you to send them your information by email or text message.
  2. Send you an email or text message with a link to log into online services.
  3. Send a pre-recorded message saying the police are coming to arrest you or demanding urgent payment of money.
  4. Ask for payment by:
    • Bank transfers to a bank that is not the Reserve Bank of Australia (RBA)
    • Overseas wire transfers
    • iTunes or Google Play cards
    • Cardless cash transfers
    • Cryptocurrency like Bitcoin

If any of the above happens or you get a phone call, the ATO advises that you should hang up on anyone who says they are from the ATO and threatens to arrest you, delete any pre-recorded messages saying they are from the ATO and do not phone them back.

For more information check ato.gov.au/scams or speak to your financial advisor.

Standard Communication Policies For Professional Organisations:

Trustworthy and reputable organisations ensure open and secure communication with their clients. They will never ask for sensitive information such as passwords, credit card numbers or personal identification numbers via email, phone or text message. Any communication requesting such information should be deemed suspicious immediately.

Regarding invoices or payments, firms generally use secure links and portals. If there’s any uncertainty concerning a request’s authenticity, always revert to the organisation directly using their official communication channels.

Types of Email Scams

Email scams may come in various forms, like phishing emails pretending to be well-known companies, asking for immediate action or containing links/attachments. These may include fake invoice emails, finance “opportunities”, account lockout alerts or emails claiming there is an issue with your account.

How to Identify and Deal with Suspicious Emails:

Phishing emails are getting harder and harder to spot. Scammers are becoming smarter and waiting for the right time before striking so if you receive something from your accountant or bookkeeper that contains information you’ve been waiting for, tread lightly.

If you receive an email from an organisation that you think may be spam, here are a few things you can do.

1. Look at the email address

Always check the sender’s email address. Any slight change in the official email domain should be considered a red flag. Scammers often use email addresses that look like the authentic ones so pay close attention.

2. Assess the email content

Inspect the email and look for spelling and grammatical errors. Also check the style and tone of the message and compare it with previous emails you’ve received. If the communication style is different, contact them (don’t reply to the email but create a new email or call them).

3. Avoid clicking on suspicious links and attachments

Avoid clicking on any links or downloading attachments from suspicious emails. Hover over the links to preview the actual URL and verify if it directs to a legitimate domain. Download attachments only when you are expecting them and are certain of the sender’s legitimacy.

4. Confirm requests for sensitive information

Genuine organisations won’t ask you to share sensitive or confidential information via email. Any request for passwords, account details or personal information should be treated as suspicious.

5. Use multi-factor authentication

Enable multi-factor authentication on your accounts when given the option. This adds an additional layer of security, making it harder for unauthorised users to gain access even if they have your password.

6. Contact the organisation directly

If in doubt, use official contact details, not those in the suspicious email.

7. Keep Your Security Software Updated

Ensure that your antivirus and other security software are up-to-date. Regularly updating your security software will help in detecting and blocking malicious content and activities.

FAQs/Helpful Resources

Staying informed and cautious can help maintain a secure and trustworthy environment. Below are some commonly asked questions:

  1. How can I verify an email’s authenticity?
    If you are ever in doubt about an email’s authenticity, reach out directly to the organisation using their official contact details.
  2. What should I do if I’ve clicked on a link in a suspicious email?
    Change your passwords immediately and contact your IT support. Also let the organisation know that you received a suspicious email so they can check their security protocols.
  3. How can I improve my email security?
    Regularly update your passwords and make them complicated and unrelated to your previous passwords. Enable two-factor authentication on your accounts wherever possible and be cautious of unexpected email attachments and links. Keep your antivirus software updated and regularly scan your system for potential threats.
  4. How often do organisations send emails to clients?
    The frequency of emails may vary depending on ongoing projects, updates or essential communications. We recommend adding official email addresses (not just your advisor’s email) to your contacts to ensure our communications land in your inbox and not in the spam folder.
  5. Will organisations ever ask for sensitive information via email?
    Companies stick to strict security protocols and will never ask clients to share sensitive information like passwords, bank details or personal identification numbers via email. Any communication requesting such information should be treated as suspicious and you should contact the organisation directly through their official channels to verify its legitimacy.
  6. How to report a suspicious email?
    If you receive an email that appears to be phishing or a scam, please contact the organisation.

Always remember to contact the organisation if you have doubts or concerns about any communication. Stay vigilant, stay safe. We’re here to assist you with any queries or concerns to ensure your peace of mind and security.