Scams, card fraud and online impersonation are a big problem these days, with the latest statistics showing in the past year 3.5 million Australians fell victim to various forms of cybercrime.i
The government is so concerned, it announced an extra $6.7 million in the 2025–26 Federal Budget to fight the problem. The money will extend the operations of the National Anti-Scam Centre, which aims to protect consumers and businesses from scam activity.
So, what can you do to guard against online scams for you and your business?
Security is more than just a strong password
One key tip for better online protection is multi-factor authentication, because it uses several layers of security.
When using government services, always access them directly via my.gov.au, ato.gov.au or the ATO app – not by following a link in an email or text message. Further boost your security by setting a Strong myID, which is designed to help protect against tax fraud and identity crime.
Consider using passphrases rather than passwords. The phrases should be easy to remember and include a set of four or more random words, numbers and/or symbols. Longer passphrases are stronger.
Update devices and watch downloads
Make sure that your device security is always up-to-date by applying patches as soon as they become available, or by turning on automatic update controls. You should also consider using vulnerability scanning software to constantly monitor your systems for security risks.
For older devices, apps or software, consider upgrading to newer versions if they no longer receive updates.
Regularly backup your files to physical devices (such as an external hard drive) or the cloud to ensure your data is not damaged, lost or infected in a ransomware attack.ii
When downloading new software, ensure the source is legitimate. Free programs may contain malware that infects your computer or harvests personal data.
Stay alert to outsmart scammers
Use a spam filter on your email account and do not open unsolicited messages. Be careful clicking email links, even if they are from someone you know.iii
Regularly monitor your online accounts (including your myGov Inbox, banking and online services), to make it harder for scammers to convince you there is a problem.
If an organisation you deal with sends you an email or SMS about unexpected changes in your account, do not click on included hyperlinks or open attachments. Immediately check your account and contact the organisation by phone.
Keep personal information private and do not share it on social media, even when your security controls are set to private. Criminals use combinations of personal information harvested from different sources to impersonate you to access money and apply for credit cards and loans.iv
Sensitive personal information (such as your tax file number, passwords, superannuation and bank account details) must be keep secure. It should never be shared with others, including in emails or to prospective employers.
Protect your people, data and reputation
Cyber security should be a priority issue for businesses, with information about staff, clients and your operations carefully protected. If this data is lost or compromised, it can be difficult and time-consuming to recreate or recover.
It’s also important to establish controls limiting employees’ access to specific accounts, systems and files, particularly if those containing sensitive data. Unauthorised access to a business’ systems by past employees is a common cause of fraud, so ensure you remove system access for anyone who no longer works for you, or who has changed positions and no longer requires certain access levels. Login details for shared accounts should be changed.v
A key business rule should be no use of USBs or external hard drives from unfamiliar sources and avoid using public wireless networks, particularly for online transactions.
Take care using social media as a business. Scammers can use shared information to impersonate your business, or send emails designed to trick staff into providing valuable information or paying bogus debts.
It is also important to check the cyber security policies and practices for organisations you deal with.
For more information about improving your businesses cyber security visit Small Business Cyber Resilience Service
i Personal Fraud, 2023-24 financial year | Australian Bureau of Statistics
ii How to back up your files and devices | Cyber.gov.au
iii Secure your email | Cyber.gov.au
iv Top cyber security tips for individuals | Australian Taxation Office
v Top cyber security tips for businesses | Australian Taxation Office
