Scammers could be targeting your tax refund this EOFY. Here’s how.

They say nothing is certain except death and taxes. But whether you’ll actually receive your rightful tax refund this end of financial year (EOFY) has become far less certain.

That’s because online scammers have been fooling the Australian Tax Office (ATO) and stealing tax refunds from Australian taxpayers.

In fact, the ATO recently admitted that scammers have claimed more than $557 million over two years by exploiting a security loophole in the agency’s identity checking system.

Scammers have been caught sending fake MyGov messages to taxpayers in an effort to steal their personal information and redirect their ATO tax refunds into scammers’ bank accounts.

Or they generate false tax refund claims, and leave their taxpayer victims to explain the phoney claim to the ATO – and pay back the tax refund they never received.

Authorities believe scammers may be using stolen documents from recent Medibank and Optus hacks to fool MyGov and beat the ATO’s security checkpoints.

Here’s why that’s a big deal.

The ATO uses MyGov to verify people's identities through a supposedly secure process. That means, if you want to submit your tax return via the ATO online portal, you’ll need to first verify your identity through your MyGov account.

(Source: MyGov)

To create a MyGov account, you must provide personal identity information such as your Medicare card number, passport number and expiry date, driver's licence, or your birth certificate.

This is known as the 100-point identity check. And there are some serious security problems with it.

The system’s dependence on physical documents means that if your personal identity documents are stolen or compromised – like in the Medibank or Optus data breaches – your personal information could be used by scammers to access your MyGov account, and change your bank account details to theirs.

So when the ATO thinks they are transferring your tax refund into your bank account, they are actually transferring the money into the scammer’s account.

However, this problem is not limited to the ATO and MyGov. 

It also applies to the many organisations – like banks, healthcare providers, insurance and telecommunications companies, employers, airlines, and even real estate agents – that use identity verification checks to protect their customers from identity theft and fraud.

That’s where private digital ID verification services, like Privy, come into play.

Advanced identity verification solutions go beyond the traditional 100-point check, and incorporate multiple layers of security and real-time data validation.

For example, Privy uses two-factor authentication – also known as one-time passwords – to protect your personal identity data, and digital audit trails to stop unauthorised tampering and maintain the integrity of documents throughout the signing and variation process.

Privy also helps users avoid identity theft by integrating e-signatures with digital identity verification to ensure your identity cannot be stolen or impersonated. That means you can securely sign documents online while staying safe from identity theft.

Ultimately, the rise of online scams targeting tax refunds underscores the urgent need for enhanced identity verification measures.

With traditional methods proving vulnerable, services like Privy offer robust solutions that integrate digital identity verification with secure e-signatures, ensuring protection against identity theft in today's digital landscape.

Prove it with Privy! Apply for our Early Access Program and experience the future of digital ID enabled solutions. Learn more at privy.com.au #ProveItWithPrivy