Fake myGov profiles are being used to hack ATO accounts. Sue found this out the hard way

“Congratulations on selling your Footscray house,” an accountant told Sue* last month while the pair were discussing a routine tax return.

The comment was baffling. Sue didn’t own a house in Footscray.

But according to her Australian Tax Office (ATO) records, not only did her supposed inner-Melbourne home go under the hammer but her return had already been lodged.

In fact, more amendments had been put through on previous years’ tax returns and one more was still pending.

As Sue and her accountant pored over the details on his screen, a horrifying realisation set in. Someone had accessed her account, impersonated her, and fraudulently lodged five refunds from the ATO amounting to $25,000.

Amid the high-profile data breaches involving Medibank and Optus, she thought perhaps she was the victim of an unreported major government agency breach.

The truth was far more complicated.

Through Sue, ABC Investigations has uncovered a vulnerability in the myGov and ATO systems which is being exploited by cybercriminals to defraud the taxpayer.

It’s a loophole which no amount of careful management of your online activity can prevent.

‘Entirely up to me’

Sue spent days trying to understand what information hackers had about her. (ABC News: Kyle Harley)

Sue has worked for several decades in the banking and large commercial sectors.

Recently retired, she divides her time between a city pad and a regional Victorian “tree change” property.

The Melbourne woman is what cyber security and information experts would characterise as the model citizen for digital hygiene.

She knows to never click on unsolicited or strange links; she never discloses her passwords, which are complex and unique; she keeps her myGov and ATO online sessions restricted to one device, which she has scanned extensively for malware or viruses.
