ATO warns of myGov scam campaign

By Dylan Bushell-Embling
Wednesday, 15 July, 2020

ATO warns of myGov scam campaign

The ATO has warned Australians to be on the alert for an SMS and email phishing campaign targeting myGov users.

Attackers are sending spoof email and SMS disguised as legitimate ATO and myGov SMS messages that include shortened links leading to compromised domains hosting pages designed to skim login details.

The ATO advised that no legitimate email or SMS notifications from myGov will include a link to log in to a user’s myGov account. The agency is also advising myGov users to make their accounts more secure by adding two-factor identification over SMS.

“All online management of your personal tax affairs should be done in ATO online services, accessed through your genuine myGov account,” the advisory states.

“Any communications containing your personal information, such as your tax file number (TFN), will be sent to your myGov inbox, not your email account.”

Suspected fraudulent SMS or emails can be sent to

Cloud security company Mimecast announced that its threat intelligence team has confirmed that a combination of COVID-19 and ATO-themed phishing campaigns commenced early this month.

“The Mimecast Threat Intelligence team observed a series of malicious sending addresses and Australian government-themed phishing pages, many of which appear worryingly legitimate,” the company said in a statement.

Spoof addresses used in the campaign include, and

Image courtesy Mimecast.

Related News

Macquarie joins VMware Sovereign Cloud initiative

Macquarie Telecom Group is now a member of the VMware Sovereign Cloud initiative.

Workday completes IRAP assessment

Workday has completed an Information Security Registered Assessors Program assessment to allow it...

Defence gets ISR integration capability

A consortium led by Leidos has delivered a new intelligence, surveillance and reconnaissance data...

  • All content Copyright © 2022 Westwick-Farrow Pty Ltd