ATO Account Got Hacked - How Long Will It Be Fixed?

Last year, my ATO account got hacked and the hacker managed to amend the previous years of my tax return so that he got paid around $25k. (Yes yes, lesson learnt. Always triple check email/sms/call from someone claiming to be from ATO).

I noticed on the day the hacker made the changes and called the ATO straight away. I told them to lock the account and cancel the payments because I got hacked - and they acknowledged they had stopped the payments.
Couple of days later, the payments got processed into the hacker's account (great job ATO).

I called again after that to check what I am going to do now, and they mentioned that I can keep using the account as per normal (they are just adding a new layer of security to the login) and they will fix my account in the next few weeks.

Now a year later….my account has not been fixed. I am still owed by ATO around $400 for my tax return 22/23…called ATO again and they were not helpful as always. Kept saying they will fix it and I can still submit the 23/24 tax return. Well…if I submit again, they will not process paying me because technically I am still in 'debt' to pay them back the $25k (PLUS INTEREST!!)

Anyone ever experienced this? How long will ATO fix this?

TLDR: ATO account got hacked. One year later, my account has not been fixed and ATO still owes me my tax return. How long will it take for ATO to restore an account that got hacked?


Comments

  • I'm still waiting for last years to be completed. When I login to check the status says "In Progress" and the outcome is "Balancing Account". They're certainly taking their time as I submitted it either last July or August.

    • Geez ATO surely takes their time!

    • Do you have investments?

      • No investments. Nothing special at all. I did accidentally have slightly too much salary sacrificed into super.

        Maybe me doing this year's return will prompt them to complete last year's.

  • +1

    You should have reported the 'hack' to the appropriate government organisation
    https://www.cyber.gov.au/report-and-recover/have-you-been-ha…

    If you haven't done this yet, then you should do it immediately.

    Given the dollar value you've indicated, you should also have a police file raised for it.
    Failure to do either of the things may be sufficient for the ATO to reject any future claim you have against you being personally liable. You didn't do all that you reasonably could to minimise the losses or to pursue the offender.

    • yup, done all of the things mentioned above.

  • +4

    Got a random message a while back about my account being accessed. When I logged in I could see that someone had entered my email and password but didn't have the SMS code so failed to login.

    Changed the password to something far less likely to be guessed so hopefully fine now. 2 factor authentication is your friend.

    • +2

      Had this happen to me last week, there were minimal attempts before they were able to log in and my MyGov was using an old password that I've rarely used, especially not with the email I use for MyGov, and isn't linked with any of the known leaks on HaveIBeenPwned. Luckily 2FA stopped them from gaining access into my account. My guess is there is a new leak out and/or they are cross matching data to cross link different emails and passwords you use. AI is only going to make it easier for them to do that. I suspect too the recent increase in attempted logins was intentionally timed to fit in with the large influx of people that are filing tax returns, which would make a spike in fraudulent login attempts harder to detect.

    • is 2 factor authentication via SMS or authenticator app?

    • Did you get the SMS code? That would indicate someone was currently hacking. Happened to me - got SMS codes in the early AM. Had Do Not Disturb on and didn't find out till I woke up. Scary.

      • Yes, same.

  • How are you in debt? Did you fix your 23 return, changing refund from $25K to $400?
    I don't think withholding your 24 return is helpful. At worst, you won't get this refund either because your account is still in credit. At best it will trigger someone to look at your account and get it sorted.

  • -2

    Hi. Go to your Federal Mp office.
    Email them the situation and as they have connections to all govt departments they’ll help.

    Explain that it’s stressful and anxiety inducing situation.
    Best of luck and PLEASE can you let us know ?

    • Explain that it’s stressful and anxiety inducing situation.

      OP might just be frustrated. Are you suggesting they lie and play the anxiety, stress card for shits and giggles?

      Sounds like the dude that threatened to use video footage, that didn't even exist, as evidence.

  • I thought 2FA was forced?

    So I assume you had no 2FA

    They got your email from some hacked database and you used the same password for your MyGov

    Nowadays all BSB and account numbers are linked to an entity.. surely they can track who owns that bank account and who the funds are being paid out to?

    Some scammers use those foreign exchange bank accounts and add a reference to identify them but I would assume they are using fake ID or ID fraud

    • Nowadays all BSB and account numbers are linked to an entity.. surely they can track who owns that bank account and who the funds are being paid out to?

      Funny thing was, I screenshot the hacker's bank account details and even got his bank account name on it on the day I called.
      They have a dedicated fraud team that would be able to trace the detail of the owner of that bank account detail and assured the payment would be put on hold - but well, surely they did not do it properly.

      • +1

        name could be fake but BSB and account definitely someone's account

        but what I am thinking is that the BSB and account is probably one they hacked too and is not the actual person…. so it's who they will transfer the money to that would be interesting. Maybe it's to another hacked account

        What shits me is apparently if you know the person's bank account that is doing illegal activities and you contact that bank to say that there might be some fraud happening with the account, they won't flag or put any notes down at all… Which I guess is good and bad.

        • +2

          These guys use stolen ID numbers (passport, driving licence etc.) to open the accounts, and the second the money arrives in the account then they send it overseas.
          There's no simple paper trail to either find out who the bank account owner really is, nor to get the money back once it's out of Australia.

          It happened to a friend of mine, their Real Estate Agent had his email account hacked, and the hackers sent an email for the house deposit with bank details of a fraudulent account. Over a hundred grand was transferred, and when they called the agent the next day to discuss, he had no idea what they were talking about. Police involved the same day, money was already gone.

          Unfortunately they were legitimately in the middle of the house buying process, so the payment email was entirely expected and so they actioned it immediately.

          • @Nom: thought you need to go to the bank to send overseas or maybe not

            • @Poor Ass: Yeah not sure, maybe they just rocked up to the bank with their fake ID and did exactly that ?

            • @Poor Ass: No, not required to go to a branch (Westpac at least).

              Have transferred to overseas account many times online. If it’s before their 5pm cutoff time it would get processed almost instantly as the money exchange to foreign currency is the obvious step that delays the SWIFT transfer.

              • @ahara: why Westpac the rates are so shit

                HSBC much better

                maybe UP too if they have

  • +4

    Have you got a case id 1-XXXXXX for the fixing of the hacking stuff?

    The compromised identity people are different to the fixing fraudulent refunds staff, so it may be a case of you're talking to CISC who are saying 'it will be fixed' and 'yes you can continue to use your account' — because that's all true, but the fixing the refund case hasn't been allocated or got stuck somewhere in the queue.

    A guide to escalations. Be nice to the person on the other end of the phone :) I know it sounds stupid but trust me, people have contacts in different areas who they can call favours on. If you're difficult (or even worse, if your tax practitioner is), it will be recorded in the case notes. Frontline staff are given lots of discretion in many cases, how you or your agents have interacted counts for something here.

    1) Ask to speak to someone who is complaints trained, explain the situation and your concerns. Ask for a service request ID for this interaction (1-xxxxxxxxxx lots of numbers). Do what they say or wait as long as they say.
    2) Contact your local MP (with as many details as possible but please don't include your TFN, any case IDs or service request IDs you have are perfect!), they have a special number they can call on but please do the above first.
    3) Inspector General of Taxation, this is really a last resort option and I'd be very surprised if it got to this point.

    • +2

      yup, I have that case ID given to me. Was advised to not do the 23/24 tax return yet and they will escalate to 'fix' the account.

      They have all the records since on the day I called them to stop the payments - so I will see in the next couple of weeks. Thanks for the suggestions!

    • Agree on all points made.

      CISC will be dealing with the identity stuff not the money stuff.

      Such is the behemoth of the ATO.

  • You need to make sure you get in contact with a team called CISC at the ATO.

    They only operate out of Canberra and will be a named agent.

    They specifically deal with compromised identities.

    Despite what most people think, the ATO does campaigns each year targeting different specific goals.

    I believe this year is/was tradies and abuse of ABN claims.

    They don't really care about +-$25k.

    But you should absolutely see if you can get sent through to the CISC team or have one of the plebs transfer your case there.

    Ignore the dollar amounts, focus on the identity/hacker issue.

    • +1

      I did straight away call the CISC team initially when I realized the account got hacked. The thing is, the teams within ATO do not really talk to one another quite well.

      When I called, the scheduled payment was still within a week. I told them to straight away cancel that and gave all the details. They knew where the money would go to, they had the 'revised' bank account detail of the hacker.

      • +1

        Yup you've done the right thing.

        As mentioned in the post above, most likely the account fix is another internal team that may have been assigned and is in back log or still pending review.

        Unfortunately it's happened right around the time all the teams start getting smashed for several months, best to track service request numbers and gently push every few days to make sure you stay near the top of the updated lists in EDP etc.

        It's probably gone to a small team and depending on what "campaign" is being worked on sometimes specific teams get smashed with work.

  • It never ceases to amaze me how people are still falling for the SMS and phone call scams.

  • +5

    People get scammed because…
    Two years ago a workmate of mine got the details of an accountant who got him a massive tax return.
    He told us about it and gave the details to a couple more people at work.
    Me being cautious of scams said no thanks.
    Last year those people used this accountant and also got massive tax returns.
    I still didn't bite.
    This year they are using the accountant again.
    So, curious, I asked for more details.
    You have to SMS this accountant your myGov username and password. And SMS the 2fa code so he can do it from your myGov.
    I said there's no way I would do that!
    F that!

    • +4

      That is because it isn't a real accountant.

      They are going into myGov and ATO to do self assessment. Therefore anything goes wrong it is on you not the accountant. In fact that accountant has no liability at all unless you can prove they submitted it.

      • +1

        I understand all of that fully.
        If you were able to meet this accountant in person and log in to myGov yourself I might have been interested.
        But they will only work remotely via sms.
        Giving someone access to your myGov is just nuts.

    • Getting a 'massive' tax return is a sign of a bad accountant, not a good one!

      Lol at how many people actually think that if their fake claims get paid out that somehow makes them legit.

    • I’d be reporting these people to the ATO. it is fraud

  • +4

    Heads up for others, due to the numerous data breaches, you can remove your email for sign in and use the generated user name instead to log in. It can be removed in account setting of mygov.

    • Name checks out !

  • +3

    No, they won't fix it. It will stay like this forever, according to their current system. My partner's account was hacked three years ago. Someone managed to amend and lodge previous tax returns, claiming almost $7k. It's not about your password; my partner had two-factor verification too. If you know how the tax system works, all you need is a TFN, address, email, and driver's license number etc to amend anyone's previous tax returns (at least that's what happened in my partner's case).

    Since then, they have blocked the account. Every year at the time of lodgement, have to call the ATO (wait around an hour) to unblock the account (which is valid for 24 hours) so my partner can lodge the claim. It gets automatically locked after the 24hr window, so if you cannot lodge during that time for whatever reason, then call them again. They are still 'investigating' the previous amended claim. It's been a few years, and there’s still no resolution.

  • I found a similar post to yours, but from an ATO worker on Whirlpool.

    Link

    Luckily their amendment was rejected.

    I'm majorly worried because my instalments are over $100k per year. If they clean me out for several years of amendments, I'm not sure how I'm going to handle it.

    • The story mentioned in the link basically talked about how the victim believes someone created a fake MyGov account and then subsequently linked it to the victim's ATO account. While this is a plausible explanation, the reality is it is not that easy to link MyGov to ATO.

      It requires 2 out of 6 pieces of information as stipulated here: https://www.ato.gov.au/online-services/online-services-for-i…

      The first one would require you to have done a past tax return in order to provide the banking details used for refund. Getting this information in a hacked environment would mean the scammer would ALREADY have been inside your ATO account and seen which bank accounts were used for past refunds. So this one is simply not possible, with one exception which I will suggest below.

      The second one would require the scammer to have access to your group certificate, which is not impossible if the scammer has hacked the victim's email, but nowadays nobody provides group certificates anymore and if you want to know the payment summary, you have to visit HR or go online and look at the last payslip.

      The third one would require you to know your Centrelink Payment summary. If you are not even on Centrelink, this is nigh impossible for the scammer to provide and if you are on Centrelink, then the scammer would already have access to your payment summary (which is an even greater problem).

      The fourth one would require you to know your past Notice of Assessment, which is again nigh impossible if the scammer has not already had access to it before deciding to link his new scam MyGov to it. Unless that Notice of Assessment was sent via mail and the scammer somehow got access to it.

      The fifth and sixth (Super and Dividend Statement) would be even more difficult to obtain unless the victim has already got their Super account and Stockbroking account hijacked.

      So it's actually not easy to link a new MyGov to ATO and I know this because I was helping an international student doing a tax return for the first time and she basically doesn't have 2 of these 5. We would have to do a paper tax return this year.

      My guess is it could be an insider job.

  • +1

    Pretty common. Happened to my wife, except the money landed in our bank account because the hacker couldn't change it. (Had phone calls after the fact from the "ATO"; they knew the amount of the amendments but wanted to be paid in Amazon giftcards.)

    Look forward to having to call the ATO every time you want to access your ATO online account and they will only unlock it for 48 hours at a time.

  • Once your account gets compromised, the ATO puts a softlock on it. Every return/refund/lodgement needs to be confirmed by you before it progresses. Refunds get extremely delayed since there are a lot of checks.

    I don't think this ever gets removed.

  • They charge you heavy interest when you owe them anything so I suggest you do the same.

    • What is this copy pasta?

  • Please keep updating this forum…. I have my popcorn ready and am keen to see how this plays out years down the track.

  • +1

    Contact your local federal MP

  • Normally the account lock is due to continuing investigation. However, someone above mentioned 3 years being locked out. Can't work that out.
