You’re filing your taxes wrong: 6 cyber mistakes you should never make

Don't be caught unawares. Here's what you need to know about filing your taxes online. (Source: Getty)
Don't be caught unawares. Here's what you need to know about filing your taxes online. (Source: Getty)

Cybersecurity experts are warning Australians to be vigilant this year about filing their taxes, with a number of tax-related schemes already circulating online.

According to the experts, tax time means a higher volume of people inputting their personal and banking information online – making it the perfect time for online criminals to strike.

“Cybercriminals are looking for your login details for your place of work, your personal computer, bank or financial institution, any authentication details you use, medical records, tax file number, legal documentation – the list is endless,” security firm KnowBe4’s Jacqueline Jayne told Yahoo Finance.

“Cybercriminals will do whatever is necessary to gather this information (and they don’t care about your personal circumstances by the way) and use it to impersonate you.”

But there are a few ways you can protect yourself from criminals this tax season. So when you’re lodging your taxes this year, here are the extra steps you should take:

1. Don’t use public WiFi

Put simply, the security for public WiFi is looser than on a private network – and this leaves you more vulnerable to cyber criminals. So while it looks safe to join, it may not be, warned Norton LifeLock ANZ security expert Mark Gorrie.

“Hackers utilise common attack techniques such as digital eavesdropping, malicious hotspots and remote malware distribution to access consumers private data,” he told Yahoo Finance.

But Jayne would take it a step further. “Don’t use free wi-fi ever. It’s that simple,” she said.

“If you must use it, make sure you are using a VPN.”

2. Use a VPN

A VPN, or virtual private network, keeps you and your information safer by encrypting your information and shielding it from malicious actors.

With a VPN, your internet traffic passes through your VPN, meaning your private information is hidden from your ISP and websites can’t log your browsing. This makes it harder for hackers to gather information about you and what you’re doing online.

There are a number of trustworthy VPN services, some that are free; do your research online. The most popular VPN services are considered to be ExpressVPN, Surfshark, and NordVPN.

3. Don’t do your tax return in public

Something called ‘shoulder surfing’ – where hackers steal your information by literally peeking over your shoulder from a distance by using their phone to zoom in on your login details – is a real threat.

And it also means keeping your tech on you at all times.

“Never, under any circumstances leave your laptop unlocked or unattended. Even if you are only leaving it for one minute,” said Jayne.

“Take it with you if you are going to order a coffee or even going to the toilet. Losing it or having someone install malicious software onto it while you aren’t there is very easy to do.”

Keep this in mind for your physical paperwork, like bank statements or documents with personal information on it. “Be careful where they are and who could see them.”

4. Don’t believe everything you see

Some of the easiest scams to fall for are those that look like they’re from trustworthy institutions, like your bank or the ATO.

“If you receive an email ‘from your accountant’ asking you to click on something, open an attachment, update your banking details, confirm your date of birth or any other personal information, STOP and pick up the phone,” said Jayne. Don’t download suspicious attachments, either.

Instead, find out what their legitimate number is – in the ATO’s instance, it’s 13 28 61 – from their real website. “The bad guys are getting very good at their entrapment techniques and it is always better to err on the side of caution.”

According to Gorrie, these are the tell-tale signs that an email is fake: the email doesn’t address you by name; the logos are incorrect or low-quality; it’s not sent from a legitimate vendor email address; is unexpected (e.g. informs you of a debt when you know you don’t owe any money); contains poor grammar; or urges you to click on a link that doesn’t lead you to an official web address.

So if you’re doing your taxes, access it through the legitimate website. “The bad guys have been working hard to impersonate the myGov website so ensure you aren’t clicking on an incorrect link to get there,” said Jayne.

You can report scams to Scamwatch. Saw someone pretending to be the ATO? Forward texts and emails to

5. Beef up your password

This is seriously the most preventable issue you could have. A recent study has shown that one out of 142 passwords is ‘123456’, and the OAIC found that 32 per cent of all data breaches are from human error.

So it pays to spend a little extra time to ensure your password is secure. According to Techradar, it takes hackers with a fast computer a “fraction of a second” to guess a password that’s six random lowercase letters.

But it’ll take them 500 years to guess a long password made up of 11 random lowercase and uppercase letters with numbers and special characters.

6. Find out if you’ve been pwned

Have you been hacked? There’s a website you can use to find out: “Enter your email address or addresses and prepare to be shocked,” Jayne said.

“If one or more of your email accounts has indeed been compromised, take the necessary action and change the password on it ASAP.”

Got another useful tip to protect your private information this tax time? Let us know at

Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, property and economy news.

Follow Yahoo Finance Australia on Facebook, Twitter, Instagram and LinkedIn.

Missed it? Catch up on every episode of the Yahoo Finance Breakfast Club: Live Online webinar series.
Missed it? Catch up on every episode of the Yahoo Finance Breakfast Club: Live Online webinar series.