Media: Protecting your personal information
https://tv.ato.gov.au/ato-tv/media?v=bi9or7orf9rrwrExternal Link (Duration: 00:30)
Be aware of what you share
Always be aware of what information you share. Your personally identifying information (PII) forms pieces of a scammers puzzle. Scammers can use this information to access your bank account, sign in to your myGov account, steal money and then commit fraud in your name.
To help protect yourself:
- Stop – Don't share your personal information such as your myGov, Tax File Number (TFN), or bank account details, with anyone unless you trust the person and they genuinely require your details
- Think – Ask yourself could the message or call be fake?
- Protect – Act quickly if something feels wrong. Phone us on 1800 008 540 if you have disclosed any personal information.
For more information on how to report scams, refer to Verify or report a scam.
If you are the victim of a data breach and your personally identifying information has been accessed, go to Data breach guidance for individuals.
Your personal identifying information (PII)
To commit identity crime or fraud, scammers only need some of your PII. This may include:
- full name
- date of birth
- current address
- myGov and ATO online login details
- tax file number (TFN)
- passwords
- bank account numbers
- credit card details
- driver's licence details
- passport details.
They can use this information in a variety of ways, such as to commit refund fraud in your name, access your myGov account to steal your tax refund, steal your superannuation or sell your identity to organised crime groups on the dark web or via other means.
If you suspect your personal information, such as your TFN, has been stolen, misused or compromised, phone us as soon as possible on 1800 467 033 between 8am and 6pm Monday to Friday. We will investigate and can place extra protection on your ATO account.
Protect yourself
Our top tips to keep your personal information safe are:
- Don't give out your PII to anyone unless you've verified that the person you're speaking with is who they say they are and has a legitimate need to know your details.
- Think before you click on a hyperlink or open an attachment. Scammers often use these methods to steal your PII or plant malware on your devices.
- Always access online services by directly typing the URL into a browser, not by clicking on a link.
- Use your Digital ID (such as myGovID), set to the strongest level you can achieve, to access ATO online services through myGov.
- Protect your Tax File Number (TFN) - only give your TFN to organisations or people who have a legitimate need for it, such as your tax agent, current employer or bank. It's important to verify that the person you're giving your TFN to is who they say they are.
- Never share your password/s. Consider using passphrases instead of passwords, a password manager can help you generate or store passphrases. You should also consider updating them regularly.
- Enable multifactor authentication. If scammers obtain your password, it will be significantly harder for them to access your account.
- Keep your devices up to date. Scammers can use viruses, malware and programs to access or steal your personal information on your devices including phones, computers and tablets.
For top cyber security tips for individuals, visit Top cyber security tips for individuals. You can also set up Voice authentication to help protect your tax account and reduce the chance of scammers accessing it.
More information on securing your devices is available from the Australian Cyber Security CentreExternal Link.
How we protect you
We take the security and privacy of your personal information very seriously. We have steps in place to make sure your data and online transactions with us are secure and safe.
We keep your personal information safe by:
- confirming your details when you contact us
- having a range of systems and controls in place to make sure your data and transactions with us are secure
- logging access to your personal information (to help us identify any unusual behaviour).
To help you stay safe online, we:
- won't ask you for your TFN or bank details via return email, SMS, or on social media
- won't give your personal information to anyone without your consent, unless the law permits us to
- won't communicate with you on behalf of another government agency or ask another government agency to represent us.
Spot the scam signs
Scams can trick you into providing either personal information or paying money. Scammers use various methods of communication, they may send you an SMS, email, or call you.
If someone claiming to be from the ATO contacts you and advises that you have a debt or are owed a refund or asks for your myGov sign in credentials, bank or personal details such as your TFN, consider the possibility that it may be a scammer.
For more information about scams and how to verify a scam, see: