ATO warns of myGov scam campaign

By Dylan Bushell-Embling
Wednesday, 15 July, 2020

ATO warns of myGov scam campaign

The ATO has warned Australians to be on the alert for an SMS and email phishing campaign targeting myGov users.

Attackers are sending spoof email and SMS disguised as legitimate ATO and myGov SMS messages that include shortened links leading to compromised domains hosting pages designed to skim login details.

The ATO advised that no legitimate email or SMS notifications from myGov will include a link to log in to a user’s myGov account. The agency is also advising myGov users to make their accounts more secure by adding two-factor identification over SMS.

“All online management of your personal tax affairs should be done in ATO online services, accessed through your genuine myGov account,” the advisory states.

“Any communications containing your personal information, such as your tax file number (TFN), will be sent to your myGov inbox, not your email account.”

Suspected fraudulent SMS or emails can be sent to

Cloud security company Mimecast announced that its threat intelligence team has confirmed that a combination of COVID-19 and ATO-themed phishing campaigns commenced early this month.

“The Mimecast Threat Intelligence team observed a series of malicious sending addresses and Australian government-themed phishing pages, many of which appear worryingly legitimate,” the company said in a statement.

Spoof addresses used in the campaign include, and

Image courtesy Mimecast.

Related News

NSW Govt enlists MessageXchange for e-invoicing service

The NSW Department of Customer Service has appointed MessageXchange to provide its e-invoicing...

Many agencies yet to fully implement DMARC

Only two of 18 Australian Government agencies evaluated by Proofpoint have fully implemented...

ACSC to hold cyber exercise for water sector

The Australian Cyber Security Centre is inviting water and wastewater companies to register to...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd