ATO’s cyber safety checklist

Scammers never seem to rest, with even the lastest JobKeeper iteration coming in for some scam treatment. In a new update the ATO reports that it is receiving reports of email scams about JobKeeper and backing business investment claims. “The fake emails say we’re investigating your claims. They ask you to provide valuable personal information, including copies of your driver’s licence and Medicare card.”

During this time of heightened scam activity, the ATO is encouraging individuals and businesses to:

  1. Use multi-factor authentication where possible and don’t share your password with anyone
  2. Run the latest software updates to ensure operating systems security is current
  3. Secure your private wi-fi network with passwords (not the default password) and do not make financial transactions when using public wi-fi networks
  4. Exercise caution when clicking on links and providing personal identifying information
  5. Only access online government services via an independent search – not via emails or SMS
  6. If in doubt, call the ATO on an independently sourced number to verify an interaction
    Educate your staff on cyber safety and scams.

To report a data breach or scam visit  

ATO’s advice for tax professionals
The ATO is warning that criminals may target your practice to access your information and that of your clients. It is essential to review your security procedures from time to time. They may also use your business to lodge fraudulent statements on their behalf.

The ATO recommends you:

  1. Check the proof of identity for all new clients and question any discrepancies
  2. Only lodge for clients whose identity you have confirmed
  3. Ensure your computer security systems are up to date and protected against cyber attacks
  4. Discuss the importance of securing personal information with your staff
  5. Ensure your staff understand what is appropriate to discuss on social media or via email.

The ATO has provided an online security self-assessment, which you can access here.


Website Comments

  1. Harsh

    Delete unrequired files or data from your computer device. It prevents unauthorized access to such data by others. Merely deleting sensitive material is not sufficient, as it does not actually remove the data from your device. ‘File shredder software’ should be used to delete sensitive files on computers.

Post a comment