4 strategies to prevent tax time scams in your business

As tax time approaches, the risk of scams targeting your business increases significantly. The Commonwealth Bank of Australia (CBA) reported that they usually see a 400% increase in businesses reporting member portal scams during tax season.

Common tactics include phishing emails that mimic the Australian Taxation Office (ATO), often requesting personal information under the guise of verifying details or processing refunds. Scammers also use phone calls to impersonate ATO officials, threatening legal action or arrest to coerce immediate payments.

Here are four key strategies to prevent tax time scams.

1. Verify unsolicited contacts

Scammers often pose as the ATO or other official entities to trick business leaders or finance employees into sharing sensitive information. Cybercriminals may make contact via phone, email, or social media. They might appear to help with something innocent, like answering questions for you. Or, they could suggest that you owe money to the ATO.

Always verify the identity of any unsolicited contact before responding. Scammers create a sense of urgency to prompt quick actions without verification. Take the time to verify the request before providing any information or making payments.

Verify unsolicited contacts

2. Contact the ATO directly for verification

Confirm any suspicious requests with the ATO via their official email address or phone number. The ATO will never ask for personal information through social media, email, or SMS links. If in doubt, use official contact numbers found on the ATO’s website to verify the communication.

If you suspect a scam has targeted you, report it to the ATO and Scamwatch. Reporting scams helps to protect other businesses from similar threats.

Contact the ATO directly for verification

3. Avoid clicking on suspicious links

Phishing scams are among the most common tactics cybercriminals use during tax season. Between July and December 2023, phishing accounted for 28% of cyber incidents reported to the Office of the Australian Information Commissioner (OAIC).

These scams are often links in texts or emails appearing to be from the ATO, prompting you to enter details into a fake login page designed to steal your information. The ATO will never send emails or messages with direct links to log in. Always access the ATO website directly.

Cyber incident breakdown

Source: OAIC.

4. Use registered tax agents

The Tax Practitioners Board recognises registered agents who adhere to strict regulations. Using a registered tax agent can help protect your business against tax scams. Registered tax agents know the latest tax laws and can help you navigate suspicious requests or communications.

Check the Tax Practitioners Board website to ensure your tax agent is registered. This helps ensure that the agent is legitimate and compliant with industry standards.

Use registered tax agents


Cybercriminals often exploit businesses by taking advantage of tax time stress. To protect your business from malicious activities, verify unsolicited contacts, use registered tax agents, avoid suspicious links, and contact the ATO directly when in doubt. Staying informed and remaining vigilant is the best way to protect yourself and the organisation.

Layer 8 trains teams to recognise scams

Our Cyber Escape Rooms boost cyber awareness within your organisation. We deliver immersive and enjoyable team-building activities that use gamification to enhance knowledge retention and create lasting change. Visit our Cyber Escape Room page for more information and to book a preview session.

Related blogs

Safe at Home and Work: Understanding Cyber Security in a Hybrid World

How threat actors exploit social media to attack your business

5 ways to revitalise your team’s cyber security habits in the new year

Popular Posts