Security

Tax scams explained - and how to protect yourself this EOFY

As the end of the financial year (EOFY) approaches, many Australians are gathering documents, receipts, and tax statements. But it’s just as important to prepare for something else: staying safe from tax scams. With over $119 million lost to scams in just the first four months of 2025, scammers are exploiting every opportunity, including the tax system. To help keep you and your money safe, Customer Owned Banking Association's (COBA) Financial Crimes and Cyber Resilience team share expert tips on how to spot and avoid tax scams.What is a tax scam, and how do they work?Tax scams often involve criminals impersonating government agencies like the Australian Taxation Office (ATO) or myGov. These scammers send phishing emails or text messages to trick you into sharing personal information - such as your myGov username, password, or other sensitive details - or to get you to click malicious links.How can you protect yourself from tax scams?Here are four key ways to stay safe:1. Verify the sourceAlways double-check the sender's email address. Official messages from myGov typically come from addresses ending in @my.gov.au. Don’t respond unless you’re certain it’s legitimate.2. Avoid clicking on linksIf you receive an email or text with a link claiming to be from myGov, don’t click it. Instead, type the official website address directly into your browser: https://www.my.gov.au3. Be wary of urgency or threatsScammers often try to pressure you with urgent messages - like threats to suspend your account or offers of unexpected refunds. These are red flags. Stay calm and verify the claim independently.4. Never share personal detailsmyGov and government agencies will never ask for your password, Tax File Number (TFN), or bank details via email or text. Never share this information in response to unsolicited messages.How do you report a tax scam?If you receive a suspicious message claiming to be from myGov or another government agency, it’s important you report it to protect yourself and others from being scammed. Report it to the Australian Cyber Security Centre (ACSC) or the myGov Help Desk If it's related to the ATO: Call the ATO’s dedicated scam line: 1800 008 540Forward suspicious emails to ReportScams@ato.gov.au Take a screenshot of fake social media posts or phishing messages and email them to ReportScams@ato.gov.au More information about how to report a tax scam can be found on the ATOs website.   Published: 27 June 2025

Security

Privacy Awareness Week 2025

Privacy – it’s everyone’s business As our lives become increasingly digital, protecting personal information in today's interconnected world has never been more important. Privacy Awareness Week 2025 takes place from 16 June – 22 June with the theme, Privacy – it’s everyone’s business. PAW is an initiative that highlights the importance of privacy and the protection of personal information for individuals and organisations. Coordinated by the Office of the Australian Information Commissioner (OAIC) in collaboration with state and territory privacy regulators, as well as the Asia Pacific Privacy Authorities (APPA) forum, PAW brings together governments, regulators, businesses, and the broader community to reflect on privacy rights and obligations in today’s digital era. Why privacy matters more than ever In 2025, the average person uses dozens of apps and online services daily, many of which collect personal data. From smart home devices and wearable technology to AI-powered platforms and facial recognition tools, the scope of data collection is vast and often invisible. Without proper safeguards, personal data can be misused, whether through data breaches, identity theft, or unauthorised surveillance. How you can protect privacy Use strong, unique passwords always use a mix of uppercase, lowercase, numbers, and symbols, with a minimum of 14 characters. Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of protection by requiring something you know (like a password or passphrase) and something you have (like your phone). Review privacy settings on social media, apps, and devices. Be cautious on social media: Keep accounts private and think before sharing, scammers can use your posts to steal your identity. Never share your password Be cautious of phishing attempts and unsolicited communications, if it sounds too good to be true, it likely is. Act quickly if your privacy is breached: Change passwords, notify your bank, monitor accounts, watch for scams, and check your credit report. Understand data collection policies before using new apps or services. Keep your software updated to protect against known security vulnerabilities. For more information on common scams and how to protect yourself, please visit the News section of our website, or alternatively the Australian Cyber Security Centre (ACSC) has a wealth of information and advice about protecting yourself online. As always, we remain committed to your security and privacy online. To understand how we manage your personal information, please visit our Privacy page. To understand how we help to keep you safe, please refer to our Security page. Need help? If you believe someone has gained access to your personal information, even if it appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical in giving you the best chance to stem any loss. If you have concerns about your Unity Bank account, contact us on 1300 36 2000. If the scam occurred on social media or a legitimate website, report it to the platform involved. For scams on Facebook, Messenger, WhatsApp and Instagram, see this step-by-step guide for reporting scams on Facebook services. You can find more information around protecting your personal information at the Privacy Awareness Week website.

Security

Safeguarding yourself against scams and fraud

It's alarming to hear in the media that Australians lose over $3 billion annually to scams through various methods like emails, calls, texts, and social media. They adopt tactics such as phishing and identity theft, making it a priority for everyone to stay watchful. Here's a guide to help you stay alert and protect yourself from scams and fraud. VerifyVerify the legitimacy of anyone contacting you before sharing personal information or making financial transactions. Be cautious of unexpected messages or calls, pressuring you to act quickly or share sensitive details. Do not click on links in messages or emails. Beware of unsolicited offers                                                      Whether it's a lottery win, an inheritance from an unknown relative, or a lucrative investment opportunity, be cautious and confirm the validity of such claims before proceeding. Monitor your accounts regularly   Check your bank accounts and credit report for any unauthorized activity. Immediately report any suspicious transactions for inconsistencies to your financial institution or appropriate authorities. Install security software          Install antivirus and anti-malware software on your devices Keep your software updated to guard against the latest security vulnerabilities. Trust your Instincts                                                      If something feels off or too good to be true, it probably is. Research and consult family or friends before making decisions if something seems suspicious or too good to be true. If you have fallen victim of a scam or suspect someone has gained access to your personal information, contact Unity Bank immediately on 1300 36 2000. You can also report a scam through the Scam Watch website and find additional information on scams and how to protect yourself. 

Security

Hang up on remote access scammers

Professional scammers are exploiting unsuspecting individuals with offers to fix account, phone, or computer issues, resulting in increasing financial losses through remote access scams. By convincing victims to download well-known screen-sharing software, criminals gain control of devices and siphon funds. Australians lost $15.5 million in 2023, with older demographics bearing the brunt of the losses. How to spot the scam Be cautious of unsolicited calls claiming device issues and impersonation of reputable institutions. Exercise caution when prompted to download remote control software. Here's how the scam operates: Victims without knowing grant scammers control over their devices, who then fabricate issues and coerce victims into divulging sensitive information. This access allows scammers to pilfer funds without detection until victims log in again. Protect Yourself: STOP – Avoid rushing into action. Hang up on anyone urging you to download software or apps over the phone. Refrain from sharing banking details, passwords, or 2-factor authentication codes during such calls. THINK – Question the authenticity of the caller. Take time to verify their identity by contacting the business independently using trusted contact details or confirming the employee's legitimacy through secure channels. PROTECT – Act swiftly if suspicions arise. Contact your bank immediately if you've disclosed financial information or made transfers. Help combat scams by reporting incidents to Scamwatch, assisting others in avoiding similar traps. If you've been affected:  Call us immediately on 1300 36 2000 if you have noticed any suspicious transactions or if you have any concerns. Seek support from IDCARE for compromised personal information. Report scams to Scamwatch and inform others to prevent future incidents.  

Security

Scammers target seniors with fake seniors discount card

Seniors are being targeted by scammers through a fake website requesting money and multiple forms of personal identification. In some instances, scammers are calling the elderly and offering the discount card and asking for personal information over the phone. How this scam works Fake websites/cold phone calls claiming to supply senior discount card membership for a fee. Fraudulent websites are charging around $29 (application processing fee) for the discount card and allege to be “officially approved”. Scammers steal personal information and use this on other platforms to commit identify fraud. What to look out for Seniors card membership is free of charge and so seniors should never be asked to pay a membership or application fee. If you are being asked for bank, credit card, PayPal details (or any other personal information) in exchange for membership then this is a scam. Top tips to avoid scams STOP – take your time before providing any personal information. THINK – ask yourself if the message could be fake? PROTECT – act quickly if something feels wrong. If you have provided information, contact IDCARE (on 1800 595 160) and report scams to Scamwatch.  Alternatively, call us immediately on 1300 36 2000.  

Security

Hi mum scams

We are urging our Members to be wary of phone messages from a family member or friend claiming they need help, following a significant rise in 'Hi Mum' scams. The scammer will claim they have lost or damaged their phone and are making contact from a new number, most often contact is made through WhatsApp.     Once they develop a rapport, the scammer will ask for personal information or money for urgent expenses as they can't access online banking.  If you are concerned about the security of your account or believe you have been scammed, contact us immediately on 1300 36 2000. To find out more information about this scam, visit ACCC here.