ato logo
Search Suggestion:

Latest updates on scams, cyber safety and identity protection.

Stay up to date with the latest news about scams, cyber safety, and identity protection.

Last updated 30 June 2024

No more hyperlinks in our SMS

1 July 2024

We no longer use hyperlinks in outbound unsolicited SMS. This will help the community identify legitimate ATO messages and spot ATO impersonation scams, especially during tax time.

SMS continues to be one of our most reported channels for scams. These scam messages usually include hyperlinks to fake websites (such as a fake myGov sign in page). These hyperlinks are designed to steal your personal information.

To stay scam free:

  • always access our online services by typing my.gov.au or ato.gov.au into an internet browser
  • never share your sign in details for ATO services with anyone
  • don’t give out your TFN, date of birth or bank details unless you trust the person you are dealing with, and they genuinely require these details.

If you receive a message claiming to be from us and you don’t think it’s genuine, don't open it or reply to it. You can verify or report a scam and check for scam alerts on our website.

If you have shared information or paid a scammer money as part of an ATO impersonation scam, phone us as soon as you can on 1800 008 540.

For information and examples of ATO impersonation scams, visit our Scam alerts page.

ATO announces the removal of hyperlinks in SMS

11 January 2024

The ATO is in the process of removing hyperlinks from all outbound unsolicited SMS by Tax Time 2024. Removing hyperlinks is a scams preventative measure. It will help protect the community by making it easier to identify legitimate ATO SMS interactions and provide trust and confidence in the ATO and our tax, super and registry systems. 

There has been significant growth in the use of SMS by cybercriminals. Throughout the 2022–23 financial year, SMS scams impersonating the ATO brand, products, services, and our people, increased by over 400%. 

Cybercriminals often use hyperlinks in targeted SMS phishing scams. The hyperlinks take individuals to highly sophisticated fraudulent websites (such as a fake myGov sign in page) designed to steal their personal information or install malware.  

We may use SMS  to contact you, but we will never include links to log in pages. If you want to access our online services, always type my.gov.au or ato.gov.au into your internet browser yourself. 

This change also serves as a timely reminder to protect your information. Do not give out your TFN, date of birth or bank details unless you trust the person you are dealing with, and they genuinely require these details. 

If you think communication such as a phone call, SMS, voicemail, email or interaction on social media claiming to be from the ATO is not genuine, do not engage with it. You should either: 

  • go to Verify or report a scam to see how to spot and report a scam 
  • phone us on 1800 008 540, if you have divulged information or paid a scammer money. 

For information and examples of ATO impersonation scams, see Scam alerts.

2022–23 Scams by numbers

12 September 2023

The number of ATO impersonation scams are higher than ever, but our 2022–23 data indicates that Australians are becoming more aware and educated about how to identify and report scams.

Last financial year our data shows:

  • There were 25,609 ATO impersonation scams reported to us, an increase of over 25%.
  • The amount of money paid to scammers decreased by 75%.
  • Only 28 people paid money to a scammer, a 66% decrease.
  • 346 people divulged personal identifying information (PII), a decrease of 71%.
  • There has been a significant shift in the way scammers are contacting people – email has increased by 179% and SMS contact has increased by 414%.
  • The shift toward SMS and email scams has seen an increase in targeted phishing scams, leading clients to fraudulent websites. In response, we have initiated 4,836 take downs of websites with AusCERT.
  • 35–44-year olds are now the most likely to pay money to a scammer. This has shifted from the younger demographic of 25–34 year olds in the previous year.
  • 25–34-year olds have remained the age group that divulged the most PII to scammers.

Note: All data comparisons are with the 2021–22 financial year.

QC73787