MyCRA Specialist Credit Repair Lawyers

Tag: Australian Taxation Office

  • ‘TAX REFUND NOTIFICATION’ Don’t get caught out with this scam at tax time.

    tax refund notificationA high priority alert has just been issued from Stay Smart Online in regards to malware-carrying emails supposedly from the Australian Taxation Office, which could send your credit file into the doghouse. Most people who regularly read this blog will probably be well aware of the high prevalence of scam emails designed to capture your financial details either directly or through malware. They would also be well aware of the dangers that can pose for your ability to obtain credit in your own right if fraudsters steal your identity and pose as you to take out credit in your name. But we feel it is important to remain vigilant in warning the community when such emails are on the increase. They could just catch out someone you know. So we look at the details on this email and its variants, and what dangers it poses for the financial information of ordinary Australians.

     

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Today Stay Smart Online (the government’s online safety website) issued a warning about cyber criminals taking advantage of the upcoming tax deadline for filing tax returns by launching thousands of scam emails. The emails are purporting to be from the ATO, but contain malware which can steal your personal information.

    Security firm Bitdefender reported the detection of three email spam campaigns in late July and early August that saw up to 10,000 spam emails sent on 6 August. This surpassed the 3,000 messages sent on 23 July and the 5,000 messages sent on 15 July.

    “This sort of malicious outbreak is expected to continue heavier and more targeted as the tax time approaches its deadline in October,” a Bitdefender advisory warned. “Attackers hope their targets are too concerned with their financial duties to double check the sender’s address and discover the con.”

    If your system is infected by the malware in these messages, private data such as passwords and logins for financial institutions can be stolen and distributed to cyber criminals who will exploit it for financial gain.

    If your computer becomes infected, not only can personal information be stolen, but malware may force the computer to join a global ‘botnet’ that uses thousands of slave computers to distribute further malware-laden emails—or it might take part in distributed denial of service (DDoS) attacks. Among other things, this can seriously reduce the effective speed of a home Internet connection.

    What the emails look like…

    Most common spam emails

    ‘Australian Taxation Office – Refund Notification’, with body text including ‘TAX REFUND NOTIFICATION’. It instructs you to open an attachment called ‘ATO_TAX_pokeefe.zip’ or similar. The attachment is typically malware.

    ‘New information regarding lodgement’ and suggests that the ATO has been attempting to refund a payment to “the credit card we have on file.” Recipients are advised to log into an ‘e-portal’ to receive the refund manually, and that “during the payment process you will be given the opportunity to update the credit card that is on record.”

    Important Information…

    The ATO will never ask for such information via email. Any email that requests additional information before a refund can be released is a hoax.

    If you receive a message like this, do not under any circumstances open the attachment. Delete the message immediately. Never open attachments that arrive with these sorts of messages.

     

    Identity theft and your credit file

    Identity theft can lead to fraud, and can affect your credit file. It often goes undetected until the victim applies for credit and is refused.

    Any kind of credit account (from mortgages and credit cards through to mobile phone accounts) which remains unpaid past 60 days can be listed as a default by creditors on the victim’s credit rating, and those defaults remain there for 5 years.

    The consequence of people having a black mark on their credit rating is generally an inability to obtain credit.  Most of the major banks refuse credit to people who have defaults, or even too many credit enquiries, so it is really essential to keep a clean credit record.

    If you think your identity has been stolen, or that your personal information has been compromised there are three things you should do to protect your credit file:

    1. Contact Police immediately

    2. Contact the credit reporting agencies which hold your credit file.

    3. Contact your Credit Providers – especially financial institutions.

    If you think your tax file number has been stolen, you can visit the ATO’s Client Identity Support Centre for more help. They also give comprehensive advice on what to do in different situations of theft of your personal information.

    By law in Australia, if a listing contains inconsistencies the credit file holder has the right to negotiate their amendment or removal.

    But to clear their good name, the identity theft victim needs to prove to creditors they did not initiate the credit – which can be difficult. Not only are victims generally required to produce police reports, but large amounts of documentary evidence to substantiate to creditors the case of identity theft.

    Contact www.mycra.com.au for more details on credit repair following identity theft.

    Image: Stuart Miles/ www.FreeDigitalPhotos.net

  • Threat of identity theft looms as business cyber-assaults take new form.

    cyber-assaultMedia Release

    Threat of identity theft looms as business cyber-assaults take new form.

    20 February 2013

    The ramping up of efforts by fraudsters to go after Australian businesses holding personal information could contribute to a greater risk of identity theft and subsequent credit fraud for Australian consumers, warns a consumer advocate for accurate credit reporting.

    Yesterday new Attorney-General, Mark Dreyfus QC advised that recent national survey results for more than 250 major businesses show cyber-crime is becoming increasingly targeted and coordinated, with one in five businesses experiencing one in the last year.

    Mr Dreyfus said that cyber assaults have shifted from being indiscriminate and random to being more coordinated and targeted for financial gain. Most occur from outside the business, although it appears internal risks are also significant.[fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][i]

    The 2012 Cyber Crime and Security Survey Report commissioned by CERT Australia and conducted by the Centre for Internet Safety at the University of Canberra revealed that most serious assaults involved the use of malicious software, theft or breach of private information and denial-of-service.

    In one case, an organisation reported the theft of 15 years’ worth of critical business data.

    A third of instances involved the theft of notebooks, tablets or mobile devices.

    CEO of MyCRA Credit Rating Repair, Graham Doessel says Australians should feel concerned about where their personal information could be exposed to potential company data breaches, as personal information has become a valuable commodity used to commit identity theft and potentially ruin the victim’s credit rating and their financial future.

    “We can’t take lightly the possibility that any company that keeps data on its customers could be at risk of cyber-crime. Identity theft is becoming more prevalent, and personal information is lucrative for fraudsters,” Mr Doessel says.

    Last week the Australian Taxation Office (ATO) announced the identities of four tax agents were stolen and used to fraudulently obtain AUSkeys giving access to specialist tax agent online services.

    Whilst the ATO was able to contain the threat, and cancel the AUSkeys, it said in a statement to the media that doing business online has benefits, but also comes with risks.

    “People looking to commit identity fraud constantly look for ways to profit so it is critical to remain vigilant regarding your personal information and online security,” the ATO statement said.[ii]

    Mr Doessel says this instance is one of a long line of assaults on Australian businesses and government entities in recent years.

    “Unfortunately it seems everywhere people turn one entity or another has been hacked – and it seems everyone with a computer is at risk. It is still extremely scary the level of risk peoples’ personal information undergoes these days when it is stored online,” he says.

    Personal information in the wrong hands can lead not only to identity theft but credit fraud, which involves the use of the victim’s credit rating, which can have significant long term consequences.

    “Basically, a lot of identity fraud is committed by piecing together enough personal information from different sources in order for criminals to take out credit in the victim’s name. Often victims don’t know about it right away – and that’s where their credit file can be compromised,” he says.

    He says once the victim’s credit rating is damaged due to defaults from this ‘stolen’ credit, they are facing some difficult times repairing their credit rating in order to get their life back on track.

    “These victims often can’t even get a mobile phone in their name. It need not be large-scale fraud to be a massive detriment to their financial future – defaults for as little as $100 will stop someone from getting a home loan,” he says.

    Once an unpaid account goes to default stage, the account may be listed by the creditor as a default on a person’s credit file. Under current legislation, defaults remain on the credit file for a 5 year period.

    “What is not widely known is how difficult restoring a credit file can be – even if the individual has been the victim of identity theft, there is no assurance the defaults can be removed from their credit file. The onus is on the victim to prove their case and provide copious amounts of documentary evidence,” he says.

    Changes to the Privacy Act 1988 should help consumers collectively when businesses experience cyber-crime which leads to a data breach.[iii]

    From March 2014, increased powers of the Privacy Commissioner will force organisations that experience a breach to do something about it. Previously, the Commissioner could investigate and make recommendations as to what the organisation should do, but it had no way of requiring the organisation to take action.

    The Commissioner can also issue civil penalties to organisations that experience a breach and either fail to take reasonable steps to protect the information entrusted to them, or fail to adequately respond.

    Mr Doessel says consumers need to be insisting that the companies who hold their personal information have adequate tools to prevent a data breach, but he says despite this, the changing nature of cyber-crime means it can be difficult to keep up with the technology of fraudsters.

    “Despite our best efforts to keep our details safe, we don’t have control over the IT systems of the company which holds our information, so we have to place a lot of trust in them to stay one step ahead of fraudsters. With most organised crime gangs now placing identity theft on their repertoire, more damaging and more frequent assaults are probably imminent in the future,” Mr Doessel says.

    He says as a matter of routine, consumers should check their bank and credit card statements thoroughly when they come in, and should also order a copy of their credit report regularly – which would indicate if their credit file had been misused.

    Under current legislation a credit file report can be obtained at no cost every 12 months from the major credit reporting agencies Veda Advantage, Dun and Bradstreet and TASCOL (if in Tasmania) and is sent to the owner of the credit file within 10 working days.

    /ENDS.

    Please contact:

    Lisa Brewster – Media Relations media@mycra.com.au

    Graham Doessel – Director Ph 3124 7133

    Ph 07 3124 7133 www.mycra.com.au www.mycra.com.au/blog

    MyCRA Credit Repair 246 Stafford Rd, STAFFORD Qld

    MyCRA is Australia’s number one in credit rating repairs. We permanently remove defaults from credit files.

    ——————————————————————————–

    [i] http://www.attorneygeneral.gov.au/Mediareleases/Pages/2013/First%20quarter/18February2013-CyberattacksonAustralianbusinessmoretargetedandcoordinated.aspx

    [ii] http://www.ato.gov.au/corporate/content.aspx?doc=/content/00345567.htm

    [iii] http://www.oaic.gov.au/privacy-portal/resources_privacy/Privacy_law_reform.html#whats_changed

    Image: Victor Habbick/ www.FreeDigitalPhotos.net[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Has your tax file number been given out to debt collectors?

    If you have a tax bill you haven’t paid – be aware your tax file number may have been given out to debt collectors contracted by the Australian Tax Office. This is despite the recent warnings from the ATO that compromised tax file numbers are leading to identity theft. We look at the story behind this recent revelation and report on the prevalence of tax file number – related identity crime. Identity theft can lead to credit fraud which can leave you in debt and with bad credit history.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    The Herald Sun reported yesterday in their story ‘Debt collection agents given tax file numbersthat the ATO gives out the tax file numbers of consumers whose debt they are referring to debt collection agencies. The numbers are used for identification purposes.

    “THE tax file numbers of Australians are being passed on to contracted third-party debt collection agencies by the Australian Tax Office, despite the ATO claiming compromised tax file numbers are leading to identity theft,” the lead in states.

    This surprising revelation comes after the Herald Sun revealed this month there had been a surge in compromised tax file numbers. See last week’s post ‘Over 23,000 accounts of tax file number identity theft last year.’

    The newspaper published data from the Australian Taxation Office showing over 23,300 Australians had their tax file number compromised in the 2012 financial year. This was up from 22,000 last year.

    Likewise, ATO’s August campaign involved urging consumers to keep their tax file numbers safe to avoid identity theft. They revealed that scams such as fake job ads and bogus ATO emails were leading to compromised tax file numbers and identity theft. Here is an excerpt from their media release ‘Scammers target job seekers’ with comment from Tax Commissioner Michael D’Ascenzo:

    “Personal information can be used by scammers to lodge false tax returns in your name, enable the use of your credit cards or even result in people taking out a loan in your name. In some cases, identity crime can take years to resolve.”

    This year there have been over 6,000 reports from the community about bogus e-mails using the ATO brand, and over 4,000 reports of attempted phone scams.

    At this time of year when many people expect refunds, scammers use the opportunity to pretend to be from the ATO.”
    Only certain people and organisations can ask for your TFN, the most common being:

    • the ATO, when discussing your tax records
    • your employer, but only after you start work
    • your bank or other financial institutions
    • Centrelink, and
    • your superannuation fund.

    It was not mentioned which people and organisations are commonly recipients of Australian tax file numbers.

    ATO response on tax file number referral

    The ATO told the Herald Sun that contractors use the numbers for identification purposes only and said there is no risk because strict security requirements are placed on them.

    Here is an excerpt from the Herald Sun story:

    Four companies are contracted to do debt collection for the ATO and only two responded to queries from the Herald Sun asking about security arrangements or how many staff would have access to public tax file numbers.

    The ATO stated: “The four debt collection agencies we use are subject to strict security and privacy provisions as part of their contract. Any breach could nullify the contract and result in prosecution.

    “No taxpayer information, including tax file numbers, is to be sent overseas.”

    The ATO added that every two years it checked the premises and IT systems of third-party debt collection companies, and the last checks were done between July and October this year with no major risks or breaches identified.

    But the country’s biggest accountancy body has expressed concerns about the use of tax file numbers when not necessary.

    “If the tax office is sharing TFNs with third parties, regardless of the contractual arrangement, then there is a concern and a great risk … that the information is distributed, that the information could be misused somewhere along the line,” CPA Australia head of tax Paul Drum said.

    “In that regard, it seems unusual that the Tax Office would need to provide a TFN when the information provided to the debt collectors includes a claims reference number anyway.”

    Whilst the security checks employed by the ATO seem acceptable, I too question the requirement for sharing of this crucial financial information to outside bodies if not absolutely necessary.

    In this day and age when instances of identity fraud are reportedly on the rise, and becoming more sophisticated by the day; when we are urged by Government, by law enforcement, by banks, even by the ATO to regard our personal information as a valuable commodity – it seems unusual that the policy for sharing this crucial financial information still remains in place.

    Identity crime and your credit file

    Compromised personal information in any form is a big threat to our credit file health.

    If fraudsters get hold of your identity information they can duplicate it, and attempt to take credit out in your name. If successful, they can borrow anything from credit cards, mobile phones, cars, even mortgage properties. They are never so kind as to pay that debt back – so your credit file, your good name is left compromised and you are left with debt you didn’t initiate.

    It can be difficult to correct any credit file discrepancy – but identity crime can be even more difficult to remove from your credit history – because you have to prove – somehow – that you didn’t initiate the credit in the first place. This can involve evidence that you may or may not have. You may not be able to get any documentation, and also the identity theft could have occurred long before you find out about it.

    If you find out any personal information is compromised, or you know you are the victim of identity theft, the best place to go first if the Police.

    Once you are in a position to try to recover your good credit history, a Police report will go a long way to proving your innocence.

    Police may also advise you of other avenues open to you as well as an identity theft victim, such as requesting a Victims of Commonwealth Identity Crime Certificate.

    If you need help recovering your credit file health for whatever reason, contact a Credit Repair Advisor on 1300 667 218 or for more information visit the MyCRA Credit Rating Repairs website www.mycra.com.au.

    Image: Arvind Balaraman/ www.FreeDigitalPhotos.net