Protecting your myGovID

    27th August 2024

    Your myGovID is your key to accessing essential services online. It verifies your identity with the ATO, ensuring that it's you logging in. But to keep things secure, it's just as important for you to protect your myGovID and personal information.

    Unfortunately, scammers are becoming increasingly sophisticated, and we've seen a spike in attempts to steal ATO login details for fraudulent purposes. These cybercriminals are setting up fake myGov websites, designed to trick people into handing over their sign-in details. Once they have this information, they can commit tax fraud or even claim refunds in someone else’s name.

    The tactics they use are often sneaky. Scammers may send emails or text messages that look like they’re from the ATO, using phrases like “You are due for an ATO Direct refund” or “You have a new message in your myGov inbox – click here to view.”

    It’s important to remember: the ATO or myGov will never ask you to sign in via email or text message links. Always go directly to the official website to log in.

    We are urging you to stay vigilant and help keep your information safe!

    Protecting your myGovID

    To help protect your identity from being used fraudulently, it’s important that you:

    • keep your contact details up to date in the app
    • protect your email account by using strong and secure passwords as well as multifactor authentication
    • turn on notifications in your app Settings to ensure you receive verification notifications and notifications when your myGovID is active on another device
    • avoid storing images of identity documents in emails and be mindful who you share these with
    • use the security features in your device, such as fingerprint and face, to log in.
    Top Tips to Keep your myGovID safe
    • Use a personal email address when setting up your myGovID
      • If you have already set up your myGovID with a business email address, you can update your email address in the myGovID app anytime.
    • Protect your personal email account
      • Use strong and secure passwords for your personal email account and protect it with multifactor authentication. This is also sometimes known as 2-step or 2-factor authentication, common email services such as Gmail will also have help guides on how to do this.
    • Keep your smart devices secure
      • Enable built-in security features in your device such as fingerprint or face, and don't leave your devices unattended.
      • If your device is lost or stolen report it straight away by calling the myGovID support line
    • Turn on notifications for myGovID in your app Settings to ensure you receive verification notifications when accessing online services
      • If you receive a notification when you're not actively accessing an online service, report it immediately by calling the myGovID support line
    • Check myGovID setups regularly
      • You can now view a summary of each time your myGovID has been set up. Make it a habit to check it regularly.
    • Protect your identity documents
      • Avoid storing images of identity documents or document/card numbers in any email folders.
      • If you have sent these over email (for example to a bank) make sure you delete them from your sent items.
      • Be mindful who you share your identity and personal information with (including through online quizzes that may seem innocent but are designed to harvest your personal information).
    • Increase the security of your myGovID by verifying additional identity documents
      • If you have an Australian passport (expired no more than 3 years) you should verify it along with your photo. Verifying your photo is a real time, one-off face verification check that scans your face to check you’re a real person, and verifies that you are the right person.
    • Don’t share your myGovID, provide your log in code or enter your log in code for anyone
      • Each employee of a practice must set up their myGovID on a unique device.
      • Don’t allow others to share or use your device or login code. Sharing might seem convenient but remember that it also provides others with access to your personal data across online services.
    • Report suspected inappropriate access
      • If you suspect someone has inappropriately accessed your personal information in myGovID, report it immediately by calling the myGovID support line
    • Stay on top of your cyber hygiene
      • Run software updates straight away, keep antivirus software up to date, and always be careful when clicking on links and providing personal identifying information.

     

    Support and Information Available

    Remain alert and call the ATO  support line immediately to report:

    • a lost or stolen device
    • a device or record you don’t recognise in your myGovID setup history  
    • inappropriate access to your personal information in myGovID – even if you only suspect it
    • suspicious activity – For example, you’ve received a verification notifications when you are not actively accessing an online service or a notification your myGovID is active on another device when you haven’t set up your myGovID again.

    If you suspect you are a victim of fraud, you should:

    • report the circumstances to the police
    • phone the ATO Client Identity Support Centre on 1800 467 033.

    Remember, your myGovID is exclusively yours. Don’t share it with anyone, as it could open the door to unauthorised access to critical services like your tax records and health information. Safeguarding your myGovID is a crucial part of protecting your identity and personal security.

     

    Back to List

    Liability limited by a scheme approved under Professional Standards Legislation