Beware: Phishing and Investment Scams on the Rise
Emails impersonating myGov
The ATO and Services Australia have issued a warning about a new email phishing scam doing the rounds. The emails claim to be from “myGov” and include screenshots of the myGovID app. myGovID can be used to prove who you are when accessing Australian government online services.
The scam emails ask people to click a link to fill in a “secure form” on a fake myGov page. The form requests personal identifying information and banking details.
This new phishing scam contains classic warning signs that it is not legitimate, including spelling errors and the request to “verify your identity” by clicking a link. The ATO has confirmed this scam is all about collecting personal information rather than gaining access to live information via myGov or myGovID. ATO systems, myGov and myGovID have not been compromised.
The ATO and myGov do send emails and SMS messages, but they will never include clickable hyperlinks directing people to a login page for online services.
“In the lead up to tax time, we expect to see more of these malicious attempts to harvest identity details. So we encourage everyone to be on alert and take the time to remind family and friends to be on the lookout and stay safe online”, said ATO Assistant Commissioner Ben Foster.
What to do
If you’ve opened an email that looks suspicious, don’t click any links, open any attachments or reply to it.
The best way to check if the ATO or another government service has actually sent you a communication is to visit the myGov site, my.gov.au, directly (without clicking an emailed link) or to download the myGovID app. You can then log in securely and check your myGov inbox and linked services.
If you’ve received a suspicious email and mistakenly clicked a link, replied and/or provided your myGov login details or other information, you should take immediate action.
Change your myGov password and if you’ve provided your banking details, contact your bank.
Advice and support, such as identity recovery services, are available by phone on Services Australia’s Scams and Identity Theft Helpdesk, 1800 941 126 (Monday to Friday, 8 am to 5 pm AEST).
Suspicious SMSs and emails that claim to be from myGov or government services can be reported to ScamWatch at www.scamwatch.gov.au/get-help/protect-yourself-from-scams.
Cold calls and emails encouraging superannuation rollovers
The Australian Securities and Investments Commission (ASIC) has recently advised it is aware of scams that target Australians and encourage them to establish self managed superannuation funds (SMSFs).
People are cold-called or emailed, and scammers pretending to be financial advisers encourage the transfer of funds from an existing super account to a new SMSF, claiming it will lead to high returns of 8% to 20% (or more) per year.
In fact, people’s super balances are instead transferred to bank accounts controlled by the scammers.
Scammers use company names, email addresses and websites that are similar to legitimate Australian companies that hold an Australian financial services licence. They even use a “legitimate” company to ensure the SMSF is properly established and compliant with Australian laws, including creating a separate SMSF bank account set up in the investor’s name.
The scammers then transfer money from the existing super fund, either with or without the knowledge of the investor, and steal it by using the real identification documents the person has provided to set up the SMSF in an account fully controlled by the scammers.
What to look out for
If you’re contacted by any person or company who encourages you to open an SMSF and move funds, you should always make independent enquiries to make sure the scheme is legitimate. This is especially true if you weren’t expecting the phone call or email!
Always verify who you are dealing with before handing over your identification documents, personal details or money.
Be wary about providing your personal identification documents to people you don’t know. Red flags include things like the website containing spelling errors, changing addresses or disappearing; processes that involve speaking to different people who sound the same; and email addresses and contact details that change. Some scammers copy legitimate websites and use names lifted from the internet.
For more information about investment scams and what to look out for, see Moneysmart’s investment scams page at https://moneysmart.gov.au/investment-warnings/investment-scams.
Fake news articles touting cryptocurrency investments
ASIC has also received an increased number of reports from people who have lost money after responding to advertisements promoting crypto-assets (or cryptocurrency) and contracts for difference (CFD) trading, disguised as fake news articles.
Some advertisements and websites falsely use ASIC logos or misleadingly say the investment is “approved” by ASIC.
A common scam tactic is promoting fake articles via social media. They look realistic and impersonate real news outlets like Forbes Business Magazine, ABC News, Sunrise and The Project.
Once someone clicks on these advertisements or fake articles, they’re directed to a site that is not linked with the impersonated publication, and asked to provide their name and contact details. Scammers then get in contact, promising investments with unrealistically high returns.
Many of these scams originate overseas. Once money has left Australia it’s extremely hard to recover, and banks and ASIC are unlikely to be able to get it back.
What to look out for
Crypto-assets are largely unregulated in Australia and are high-risk, volatile investments. Don’t invest any money in digital currencies that you’re not prepared to lose, and always seek professional advice when making investment decisions.
Remember that most reputable news outlets, and especially government-funded broadcasters like the ABC, don’t offer specific investments as part of their news coverage.
ASIC does not endorse or advertise particular investments. Be wary of any website or ad that says the investment is approved by ASIC or contains ASIC’s logo – it’s a scam. ASIC does not authorise businesses to use its name and branding for promotion.
What to do
If you’ve transferred funds by bank transfer or credit card to someone you think may be a scammer, you should contact your financial institution immediately – they may be able to reverse the transaction. Unfortunately, however, your bank or credit union won’t be able to help if you’ve paid scammers via crypto-assets.
To help ASIC disrupt scammers and warn others, you can use the regulator’s website at https://asic.gov.au/about-asic/contact-us/how-to-complain/ to report any scams or suspicious investment offers you come into contact with.
Important: Clients should not act solely on the basis of the material contained here. Items herein are general comments only and do not constitute or convey advice per se. Also, changes in legislation may occur quickly. We, therefore, recommend that our formal advice be sought before acting in any of the areas.