ATO AUSkey Fraud Alert

April 21, 2017 by Oliver Sirisonthi

auskey security

With technology, we can work better and faster to grow our businesses. However cyber crimes and new methods of hacking and gaining unauthorised accesses have increased inline with this.

If you are a business owner, a registered BAS Agent or a registered Tax Agent using a web portal provided by the ATO we wanted to update you with some information on how to best protect yourself and your business from fraud.

At the end of January (30th January 2017), the Australian Taxation Office (ATO) released confirmation that they detected fraudulant activities of people obtaining AUSKey’s associated with businesses. Once an AUSkey has been allocated, access is gained to the Business Portal so that a fraudulent BAS can be lodged and bank details updated to accounts that are not controlled by the entity.

To electronically lodge forms, update business details including the business's financial institutions and communicate with the ATO, a business owner uses the Business Portal; a registered BAS agent uses the BAS Agent Portal and a registered tax agent uses the Tax Agent Portal. The ATO has reported cases of AUSKey’s being obtained to gain access to the portals and have warned that this can happen to business owners or registered agents. We, at Saasu, encourage our users in Australia to be aware of this issue.

ATO has advised three steps to protect your business (or your client's business if you are an agent) and to ensure your identity has not been compromised.

  1. Check access manager to understand who in your business has AUSkey access and that their level of access is appropriate to their role
  2. Remove access for employees who no longer work for you
  3. Check that the financial institution and contact details you have recorded with the ATO are correct.

The ATO were able to detect the activity and take preventative action quickly. Those AUSkey’s have been cancelled and the ATO is now working with the affected businesses to protect their online security and monitor activity on their accounts.

You can report unknown or suspicious AUSkeys allocated to your organisation by calling 1300 287 539 between 8:00 AM and 6:00 PM, Monday to Friday.

The ATO advises that it is a good business practice to conduct these checks on a regular basis.

For details on the ATO website, please see https://www.ato.gov.au/Newsroom/smallbusiness/General/AUSkey-fraud-alert/.

If you have any question, please do not hesitate to contact us at service@saasu.com.