accounting times logo



Cyber scams to spike 400% at tax time, CBA warns

22 May 2024
cyber scams to spike 400 at tax time cba warns

Experts say scammers will ramp up efforts to steal tax and super portal login details through AI-enhanced phishing emails and texts.

Cyber criminals will ramp up their tax scam activity by 400 per cent during the end of financial year with small and medium businesses most at risk, experts say.

CBA small business banking executive general manager Bec Warren said emails or texts asking for taxation portal login details should set off red flags for member portal scams.

According to CBA, member portal scams involved phishing for tax or superannuation member portal credentials through email or text messages.


Once scammers gained access, they altered payee details so that tax returns or superannuation payouts would be deposited into accounts controlled by the scammers.

The four-fold increase in reports of member portal scams during tax season showed “the determination scammers have to try to scam unassuming small business owners out of their hard-earned money,” Warren said.

“Make sure that, when you are entering your login details and passwords, you do so on the organisation’s official portal and do not click on any suspicious links. Scammers will usually create a sense of urgency to get you to act quickly, not leaving you enough time to think,” Warren said.

CBA said small businesses were most at risk, being more likely to be pressed for time and resources amid the demands of tax season.

“We all know small businesses are often family run, have fewer resources and not a lot of free time on their hands, which can make them more likely to miss some of the red flags they otherwise would have spotted,” she said.

“This is why it’s always important to stop, check and reject any unusual emails, texts, links or payment requests.”

But owners of medium-sized businesses have also been urged to remain on “high alert” by MYOB.

According to a recent survey from the accounting software provider, three out of five medium businesses experienced a cyber attack or cyber incident, rising to 81 per cent for businesses in finance and insurance.

Head of cyber security Peter Wolski said the mid-market was a “tipping point” for cyber threats as they had fewer resources than larger businesses but outgrew solutions used when they were smaller.

“Cyber security should be top of mind for businesses of all sizes, but the mid-market often represents a tipping point where the threat can become particularly critical,” Wolski said.

The survey of 500 mid-sized Australian businesses found 83 per cent of respondents have carried out system upgrades or cyber training in the last two years, with 84 per cent feeling prepared for a cyber event.

But Wolski urged against complacency, particularly as AI made it easier for cyber criminals to craft more sophisticated messages.

“The threat is very real … businesses shouldn’t get too comfortable, especially as cyber criminals get more sophisticated,” he said.

“All the benefits that Gen AI brings in terms of automation and intuitive communication unfortunately also help those who might be looking for security vulnerabilities. It’s more important than ever to be vigilant, as it’s not as easy to immediately identify scam communications.”

About the author

author image

Christine Chen is a graduate journalist at Accountants Daily and Accounting Times, the leading sources of news, insight, and educational content for professionals in the accounting sector. Previously, Christine has written for City Hub, the South Sydney Herald and Honi Soit. She has also produced online content for LegalVision and completed internships at EY and Deloitte. Christine has a commerce degree from the University of Western Australia and is studying a Juris Doctor degree at the University of Sydney.


Join our subscribers get exclusive access to freebies and the latest news

Subscribe now!