Executive Summary

Shreshta Threat Intelligence has uncovered a ATO Scam targeting Australian Taxation Office users. 

Tax return scams involving myGov are on the rise and these deceptive sites, pretending to be a legitimate ATO website, seek to extract the users login credentials. We urge Australian citizens to be on guard against such phishing websites impersonating the ATO.


The motive of these threat actors executing the ATO Scam is to get access to Personally Identifiable Information of the user. This poses a risk of identity theft, financial fraud, tax-related scams, and targeted phishing attempts.

Technical Analysis of Phishing Campaign Aimed at ATO Users

Figure 1 – Screenshot of the phishing website that mimics Australian Taxation Office(ATO) 

Figure 2 – Screenshot displays the acceptance of incorrect credentials indicating a scam

Figure 3 – Upon signing in, the subsequent page prompts users to provide their account information and details of  notice of assessment.

Figure 4 – It Then displays a page to verify the identity, incorrect details are also accepted

Figure 5 – This screenshot displays successful linking of the account to the ATO.

Safety Recommendations

  1. If you become a victim of cyber crime, file a complaint at https://www.cyber.gov.au/report-and-recover/report. You can even call and report to 1800 008 540.
  2. Be alert about emails, telephone calls and messages claiming to be from the ATO
  3. Stay updated on the latest scam alerts by subscribing to ATO email updates.
  4. If you are an enterprise, protect your organisation in real-time from cyber threats such as phishing, malware, newly registered domain names and other malicious communication using Shreshta DNS Firewall. Please email sales@shreshtait.com for a free 30-day trial


Your myGov details are precious so do not let a scammer get access to them. Tax payers need to be alert not to fall prey to such phishing scams, by not divulging their Personally Identifiable Information.

Indicators of Compromise


Website |  + posts