Federal police are hunting a gang of identity thieves who have been hacking the tax file numbers of up to 500 Australians a day.
The sophisticated online fraudsters have breached payroll systems, harvesting extensive personal details of workers and using the information to lodge fraudulent tax returns.
The revelation is the latest evidence of a large-scale identity fraud problem against government sites and services such as MyGov, Medicare and the ATO, and Labor wants a national investigation.
In one case this month, payroll software used by a Melbourne accounting firm was hacked and the personal and financial details of 1600 employees of its clients were obtained.
An alarming level of personal data was plundered, including names, addresses, dates of birth, tax file numbers, bank account details, gross earnings, and superannuation funds and membership numbers.
The scammers then prepared and lodged tax returns in the names of some of the unwitting workers.
It was also confirmed to victims that MyGov accounts could have been accessed and changed, or new accounts created using the stolen data, potentially leading to all services linked to the federal government web portal, including Medicare, Centrelink and Child Support, being compromised as well.
Scammers hit NSW, VIC money men, change account deposit details
The Australian Federal Police is investigating phishing attacks against accountants that some say have seen thousands lifted from bank accounts.
The scam targets users of the popular Xero accountancy software-as-a-service, with what is said to be a would-be login portal that steals credentials.
Money is being shipped off to a bank account in Western Australia, sources familiar with the attacks say.
The Federal Police cybercrime operations wing says in a boilerplate response it is investigating the compromise and will liaise with Xero and victims.
Spokeswoman for the New Zealand company Alex Mercer said Friday a “very small number” of login details were stolen either through phishing or malware.
“We are working closely with the users concerned to help address each of their incidents,” Mercer says.
“As you can appreciate, we do not discuss details about a user’s issue outside of informing the authorities or another organisation that needs to be involved.”
Mercer says customers should take the usual good security defense measures including updating and running antivirus before resetting passwords.
Security types say they know of a handful of businesses in NSW and Victoria that were affected. In those cases attackers had used the stolen login credentials to change bank account details such that subsequent deposits were funnelled into attackers’ hands.