Avoid ransomware at tax time

Sam’s story

Sam, a registered tax agent based in Fitzroy, recently received an email from Express Delivery, a Victorian courier service she used to send and receive urgent tax documents during the peak June to October tax return period.

While the email bore a strong resemblance to others Sam had received from Express Delivery, it was actually impersonating this service by using similar branding and contact details. Without realising, Sam clicked a link in the email and it released a virus that locked her work laptop and the three desktop computers used by her staff.

Fortunately, Sam’s external IT service provider was able to recover her systems, but the incident put the security of her business and data at serious risk.

This type of scam, known as ransomware, denies access to files or computer systems until a ransom is paid.

Ransomware is a type of malware. It can get onto your device or system (as in Sam’s case) when you open emails or files from someone you don’t know, visit unsafe or suspicious websites, or click on malicious links in emails, websites or social media.

Avoid ransomware at tax time

Ransomware continues to be a major cyber security threat to us all, and particularly to businesses. Ransomware emails are sent widely, so if your network is unprotected, you may fall victim. Ransomware can cause severe reputational damage to businesses and potentially cost thousands of dollars to fix.

The Australian Cyber Security Centre receives regular reports from businesses across the country that have been hit by a ransomware scam. Human error is most often the cause, with business owners or staff clicking on suspicious links.

Protect your business online

  • Be careful when downloading attachments or clicking links in emails, text messages or social media posts, even if they appear to be from someone you know. Consider who it’s from and what they are asking you to do. If you are unsure, call the business using contact details obtained from their official website or other legitimate source.
  • Ensure your staff are educated about how to recognise scam and spam emails and fake websites.
  • Educate clients to contact you if they identify unusual activity on their tax account, receive unexpected refunds into their bank accounts or receive suspicious contact about their tax.
  • Report any client data loss to the Australian Taxation Office (ATO), especially TFN theft, any unexpected clients leaving your client list or any unusual activity or transactions.

Other things your business can do

  • Paying the ransom doesn’t guarantee you will get your data back. Call a reputable IT specialist for advice and assistance in restoring back-ups or visit the No More Ransom project.
  • Regularly back up your data in case you need to retrieve lost data quickly. Take your backup offsite or store it securely.
  • For the latest security protection, run software updates on IT systems and apps as soon as they’re available.
  • Keep your business information safe. Beware of anyone asking you to 'confirm' your details and don’t share your details unless you’ve checked the person you are dealing with is who they say they are.

Get help 

The Australian Cyber Security Centre and the Australian Taxation Office (ATO) recommend the following tips to help you protect your online information during this tax time: 

  • Stay alert at all times! Remain one step ahead of cybercriminals with info about how to keep your personal information safe online by following Stay Smart Online on Facebook and signing up to the Stay Smart Online Alert Service.
  • If you are ever unsure whether an ATO interaction is genuine, don’t reply. Call the ATO on 1800 008 540 or visit www.ato.gov.au/scam to verify.
  • If you, your clients or your staff have paid or provided personal identifying information to an ATO impersonation scammer, call the ATO on 1800 008 540 to report.
  • Report suspicious emails claiming to be from the ATO by forwarding the entire email to ReportEmailFraud [at] ato.gov.au and delete the email from your account. Do not click on a link, open an attachment or download a file.
  • If you have been a victim of cybercrime, you can report it at ReportCyber.
  • If your identity has been compromised, you can also seek assistance from the national identity and cyber support service, IDCARE, on 1300 432 273.

More information

For more information, visit www.staysmartonline.gov.au/taxtime19