Phishing fact sheet
By ATO
This fact sheet provides general advice about how taxpayers can guard against illegitimate attempts to acquire personal or tax related information by email.
Why is phishing an issue?
We are committed to developing online and electronic products to help taxpayers meet their obligations and make the experience easier, cheaper and more personalised. We place significant effort and resources into ensuring the security and privacy of tax information and the integrity of our systems.
However, it is equally important that you know about, and can minimise the risk of, certain information technology issues that could:
* cause you significant inconvenience or costs
* impact on your ability to deal with us electronically or online
* result in the loss or damage of your electronic information, or
* lead to your electronic records or tax details being misused.
If you manage your tax affairs using a computer system, or use the Internet or e-commerce systems to deal with the tax office, then you should be aware of phishing.
What is phishing?
'Phishing' is a term used to describe efforts to illegitimately gain access to banking or personal details. This usually involves an email that is made to look like it has been sent from a trusted source such as a government agency, bank or other company. The email is designed to trick you into revealing personal or financial information.
One example of phishing might be an email claiming there is a problem processing a particular transaction or an issue with a computer system. You are usually then asked to supply certain personal details so the 'problem' can be fixed. Another example is an email asking you to resupply, validate, or update your personal or financial details. You might be asked to reply by email or to click on a hyperlink and update your details over the Internet.
If you follow the hyperlink you are sent to a fake web page. This is usually designed to look like the legitimate web page. The site may be very realistic and have the correct colours, logos and text. Any details entered on this false web page would be sent to the perpetrators and then most likely misused.
Where does the term 'phishing' come from?
The term 'phishing' is a play on the word 'fishing'. In this context, unwary users are baited into providing personal details.
What should I look out for?
You should be careful of any emails asking for personal information and especially wary of any email that asks you to provide information relating to your tax affairs. Financial institutions and Australian Government agencies will not usually send unsolicited emails requesting that you provide or update your personal or financial details.
While we may contact you in response to an inquiry you have made, you can always contact us if you are concerned about any email or other correspondence that claims to have come from the tax office or that requests tax related information.
What steps can I take to minimise the risk of phishing?
* Do not provide personal, financial or tax details in response to email requests. Despite sounding legitimate, these are most likely to be fraudulent.
* Do not click on any hyperlinks contained in emails asking you to confirm or update your tax details or to supply personal or financial information. If you need to go to a web page to complete a transaction or supply information, make certain you type the correct internet address directly into your browser.
* Be cautious and do not reply to, or follow any hyperlinks in, an email if you have any concerns about its validity.
* Contact the organisation that claimed to have sent a suspicious or unusual email. They should be able to confirm if it is real or not.
* Always check the internet address of a hyperlink. Be cautious of hyperlinks to websites that include the '@' symbol. An example of this would be an internet address like www.somesite.com@fakesite.com. In this example, you would be taken to fakesite.com rather than to www.somesite.com. The longer the internet address, the easier it is to conceal the fact that it is not legitimate.
* Before you enter personal or financial details on a web page, make sure the web site is using encryption. Look for the small closed padlock icon in Internet Explorer's status bar.
If you think you may have been the victim of a phishing scam, immediately contact the agency or company that claims to have sent the email so it can be investigated and referred to the appropriate authorities.
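The '@' warning in the steps above can be checked mechanically. The following JavaScript is an added example, not part of the ATO fact sheet: it uses the standard URL parser to report the host a link really leads to, along with the encryption and expected-address checks from the same list. The allow-list, the `inspectLink` name and the second and third sample links are assumptions made for illustration.

```javascript
// Added example: report where a hyperlink really leads.
// ALLOWED_HOSTS is an assumed allow-list of addresses the user types themselves.
const ALLOWED_HOSTS = new Set(["www.somesite.com"]);

function inspectLink(href, allowedHosts = ALLOWED_HOSTS) {
  const text = href.trim();
  const findings = [];
  // Addresses written without a scheme (as in the fact sheet's example) are
  // parsed as http:// here; that default is an assumption of this sketch.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text);
  let url;
  try {
    url = new URL(hasScheme ? text : "http://" + text);
  } catch (err) {
    return { host: null, userinfo: null, findings: ["unparseable address"] };
  }
  // Everything before '@' in the authority is userinfo, never the site name.
  let userinfo = null;
  if (url.username || url.password) {
    userinfo = url.username + (url.password ? ":***" : "");
    findings.push(`text before '@' ("${userinfo}") is not the destination`);
  }
  if (url.protocol !== "https:") {
    findings.push("connection is not encrypted (not https)");
  }
  if (!allowedHosts.has(url.hostname)) {
    findings.push(`host "${url.hostname}" is not on the expected list`);
  }
  return { host: url.hostname, userinfo, findings };
}

// Sample links: the first is the fact sheet's example, the rest are constructed.
const SAMPLE_LINKS = [
  "www.somesite.com@fakesite.com",
  "https://www.somesite.com/update",
  "https://www.somesite.com:secure@fakesite.com/update",
];
for (const link of SAMPLE_LINKS) {
  const { host, findings } = inspectLink(link);
  console.log(`${link}\n  real host: ${host}\n  ${findings.join("\n  ") || "no findings"}`);
}
```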
To access further fact sheets on information technology security issues for taxpayers, visit our website: Australian Taxation Office.
