Stop, scammers time: SMEs warned as 90s tax time scams make a comeback

Cargo pants and bucket hats are not the only icons of the 90s that are making a comeback; even tax-time scammers are recycling techniques from days gone by.

That’s according to Bendigo Bank, which alerted taxpayers to the resurgence of ‘retro’ scam methods on Tuesday, as the end of financial year (EOFY) quickly approaches.

Cyber fraudsters are taking a “step back in time”, said the bank, with a new (old) scam that involves customers being asked to open HTML files attached to emails to supposedly view important account changes or sign a document electronically.

These scammers are taking advantage of higher email traffic and pre-tax time purchases to try their hand at a bit of phishing, said Bendigo Bank’s head of customer protection Jason Gordon.

“Phishing has been around since the mid-90s, and people have been warned about not opening suspicious attachments for many years,” he said on Tuesday.

But like fashion lovers the world over, “attackers are continuously reinventing themselves”, he added.

In this case, file attachments like HTML, which are now relatively uncommon, are being used to bypass spam filters at one of the busiest times of the year for business operators, said Gordon.

Bendigo Bank says it has seen a host of recent scam reports about emails with malicious HTML attachments and the bank’s images and branding, which also borrow from the more commonly occurring impersonation scams.

These HTML files may open to a fake bank login webpage or form, which is then used by the scammer to obtain personal information to gain access to a victim’s devices, pin codes and login details, or access to the victim themselves.

“Do not click the link or open files in these emails,” said Gordon, reiterating common anti-scam advice.

Bendigo Bank says it will never ask a customer to log in to its internet banking service via a link in an email, as is the practice of other major financial institutions.

Meanwhile, security awareness training platform KnowBe4 has also shared what it says are the top four tax scams currently targeting Australians this EOFY.

At the top of the list are impersonation scams, including of government agencies like the Australian Taxation Office, followed by multifactor authentication (MFA) phishing scams.

Business owners are also being warned about a rising number of tax refund SMS scams and tax lodgement email scams.

“Small and medium businesses are especially at risk because AI-powered scams are becoming more sophisticated and convincing making it harder to identify a scam attempt,” says Dr Martin Kraemer, a security awareness advocate at KnowBe4.

“This highlights the importance of staying alert this tax season.”

More information about tax time scams can be found on the ATO website here and via ScamWatch.

Never miss a story: sign up to SmartCompany’s free daily newsletter and find our best stories on LinkedIn.