25 Jun 2025

As we approach the End of Financial Year (EOFY), cyber criminals are once again exploiting this high-activity period, only this year their tactics are more sophisticated than ever. AUSCERT has observed a consistent and sharp rise in phishing scams, particularly those impersonating trusted government and taxation agencies. The surge in payments, invoicing, and accounting workflows during EOFY creates a perfect storm of opportunity for threat actors to target organisations already under pressure.

Phishing scams have risen significantly in recent years, with reported incidents increasing from 1,100 in 2022 to 2,500 in 2023 and reaching 2,960 in 2024. These scams often feature official-looking branding, convincing language, and urgent calls to action. Common tactics include prompting users to click malicious links, scan QR codes, or download attachments, typically under the guise of tax refunds, account issues, or penalty warnings.

Unsurprisingly, among AUSCERT’s members the Financial and Insurance Services industry remains the most heavily impacted during this time. Given its access to high-value data and essential services, this sector is a prime target for fraud, identity theft, and business email compromise (BEC), making vigilance during EOFY more critical than ever.

Alarmingly, phishing threats are becoming even more difficult to detect with the rise of AI-generated scams. Artificial intelligence is now being used to craft highly personalised and scalable phishing campaigns that mimic human language and behaviour. These AI-powered scams are more deceptive, harder to identify, and faster to deploy, making them a serious challenge for both individuals and organisations.

To stay safe from ATO and myGov-related phishing scams this tax season, it’s important to take the following precautions:

  • Verify the source: Don’t trust unsolicited emails, calls, or texts. The ATO and myGov will never ask for sensitive information via email or SMS. Contact them directly using official channels.
  • Hang up on threats: If a caller pressures you to pay or threatens arrest, end the call immediately. Legitimate agencies don’t behave this way.
  • Avoid unknown links and attachments: Never click on unexpected links or open attachments from unknown sources.
  • Be wary of urgency: Scammers use urgency to rush decisions. Take your time to verify before taking the next step.
  • Protect personal information: Don’t share financial or personal details without validating the request through a different communication channel.
  • Report suspicious activity: Report phishing attempts to the ATO, ACSC, or ScamWatch.
  • Keep software updated: Ensure your devices have the latest security updates and antivirus protection to defend against malware and phishing.
  • Get help: If you have been scammed as an individual, contact IDCARE. If your organisation has been impacted and you are an AUSCERT member, contact us. If not, contact the ACSC.

By staying alert and applying strong cyber hygiene practices, both individuals and businesses can reduce the risk of falling victim to sophisticated phishing scams this tax season.