- CA ANZ is working with the Australian Taxation Office to make tax agents and their clients more aware of cyber risks.
- Tax scams include the theft of tax identity information by criminals to fake tax debts and obtain tax refunds.
- Superannuation players need to be constantly alert as Australia’s ageing society is a prime target for scammers.
By Tarini Puri.
With tax time 2018 just around the corner, accountants as “trusted intermediaries” are being urged to safeguard their own business systems and make their clients aware of tax scams.
“Our tax system is under constant attack from those preying on vulnerable people seeking payment of fake tax debts. Some have even been conned into believing that tax can be paid using Apple iPhone cards,” says Michael Croker, Australian Tax Leader at Chartered Accountants Australia and New Zealand and Co-chair of the Australian Taxation Office (ATO) Cyber Security Stewardship Group.
Cyber criminals and scammers make direct contact over the telephone or face to face to steal tax IDs and lodge fake tax and Business Activity Statements (BAS) returns to get refunds from the ATO, he explains.
According to statistics released by the Australian Competition & Consumer Commission, Australians lost a total of $340 million to scammers in 2017, the highest losses ever since the commission started reporting scam activity, with victims losing an average of AU$6500.
The agency’s ninth annual 'Targeting scams report' reveals that some 200,000 scam reports were received by the ACCC, Australian Cybercrime Online Reporting Network (ACORN) and other federal- and state-based government agencies in 2017, including more than 68,000 reports related to online scams, including email, social media, mobile apps and the internet, worth nearly $50 million in reported losses.
Phone calls were also popular among scammers, with 65,000 reports related to phone, representing nearly $30 million in reported losses.
Related: Support National Scams Awareness Week
The National Scams Awareness Week 2018 will be run by the Australian Competition and Consumer Commission from 21 to 25 May 2018. Tax agents can help spread the cyber security message via newsletters, websites, social media and direct client communications.
What accountants can do
Accountants must also embrace cyber-security and risk management processes to reduce the threat of scams in an increasingly online world.
The accountant–client relationship has an important role to play in providing assurances to regulators such as the Australian Securities and Investment Commission (ASIC) and the ATO, Croker believes.
“The expression ‘Know your client’ is well-known in the financial services sector, and community-based, trusted intermediaries such as accountants frequently provide assurance to regulators about their clients’ bona fides,” he says.
“Even in an online world, relationships are important and new online systems must be designed in a way that acknowledges intermediaries.
“More and more accounting firms are increasingly turning this expertise into insights for clients, offering cyber security and risk management services as part of a broader suite of business advisory products.”
Australia’s ageing population is a prime target for scammers, and all participants in the superannuation industry need to be constantly on the alert.
Our tax system is under constant attack from those preying on vulnerable people seeking payment of fake tax debts. Some have even been conned into believing that tax can be paid using Apple iPhone cards
Seven ways to keep your business and client information safe
1. Ensure your passwords are strong and secure
Regularly change passwords and do not share them. Strong passwords with a mix of upper and lower case letters, numbers, and symbols are harder to hack. Use multi-factor authentication where possible to create an additional layer of security.
2. Remove system access from people who no longer need it
Immediately remove access for people who no longer work for your business or who have changed positions and no longer require access. Unauthorised access to systems by past employees is a common cause of identity security or fraud issues for businesses.
3. Ensure all devices have the latest security updates
Run weekly anti-virus and malware scans and have up-to-date security software. It can be easy to accidently click on an email or website link that can infect your computer. In some attacks, your device may be infected by ransomware that can:
- lock your computer until you pay a fee to criminals
- install software that provides access to your bank accounts.
4. Use a spam filter on your email account
Do not open any unsolicited messages. Be wary of downloading attachments or opening email links, even if they are from a person or business you know. They can infect your computer with malware and lead to your information being used to commit fraud. Spam emails can be embedded with malware and can be used to trick you into:
- providing information
- paying fraudulent invoices
- buying non-legitimate goods.
5. Be vigilant about what you share on social media
Many businesses now have a social media presence. Much like your personal profile, you should consider what information you share. Scammers can take the information you display publicly and impersonate you or your business. Impersonators may send emails to trick your staff into providing valuable information or releasing funds.
6. Monitor your accounts for unusual activity or transactions
Check your accounts (including bank accounts, digital portals and social media) for transactions or interactions you did not make, or content you did not post. If an organisation you deal with sends you an email alerting you to unexpected changes to your account:
- don’t click on included hyperlinks
- don’t log on to the suggested website through the links or attachments in the email.
You should immediately:
- check those accounts
- contact the organisation by phone.
7. Do not leave your information unattended
Secure your electronic devices wherever you are. Make sure you:
- do not leave your information unattended
- secure your electronic devices (such as phones or tablets) with passcodes
- securely store portable storage devices (such as thumb and hard drives) when not in use.
Related: Is your finance team safe from scammers?
Hackers regularly target finance teams. Follow a checklist to help protect your team from cyber attacks.
Tarini Puri is the production coordinator of Acuity.