Fake ATO Refund Messages 2026: Spot a Tax Scam
Last reviewed:
Primary tax-year context: Current Australian tax settings
This article is general information only. We maintain pages using primary-source checks and date-based reviews. See editorial policy.
Don’t trust an SMS or email saying you’re owed a refund. Calculate your real refund with our refund estimator →
Tax scams ramp up sharply between June and October — the period when most Australians lodge and receive refunds. In 2026 the ATO has reported a significant rise in fake refund messages sent via SMS, email, and automated phone calls. Scammers time these to land right when real refund notices are expected, making them harder to dismiss. This article explains how to distinguish a genuine ATO message from a fake one, describes the most common attack patterns in circulation right now, and tells you exactly what to do if you’ve already engaged with one.
How to tell a genuine ATO message from a scam
- The ATO never asks for your TFN over SMS or email. If a message requests your Tax File Number to “release” a refund, it is a scam.
- The ATO never demands payment in gift cards, cryptocurrency, wire transfer, or cash. Any message that asks you to pay a fee to receive a refund is fraudulent.
- Genuine ATO domain is ato.gov.au — nothing else. Links to ato-refund.com, my-ato.gov, mygovau.net, or any variation are fake. Check the URL character by character before clicking.
- The ATO never threatens immediate arrest, deportation, or police action over a tax debt. Threatening language is a defining feature of phone and SMS scams.
- Genuine ATO communications arrive via your myGov inbox, not unsolicited SMS. The ATO sends letters and myGov messages — it does not initiate contact with taxpayers by text to offer refunds.
- Genuine ATO messages address you by your full legal name, not “Dear Taxpayer,” “Dear Customer,” or a generic greeting. An impersonal salutation is a reliable tell.
Common 2026 scam patterns
SMS / text scams
Current SMS scams use link shorteners (bit.ly, tinyurl) or look-alike domains to disguise the destination. A typical message reads: “ATO: A refund of $849.00 is ready for your account. Confirm bank details here: [shortened link].” The urgency is deliberate — phrases like “expires in 24 hours” or “respond immediately to avoid cancellation” are designed to prevent you from pausing to verify. The link leads to a fake myGov login page that harvests your credentials.
Email / phishing
Phishing emails spoof sender addresses to appear as [email protected], but the actual sending domain is different — hover over (don’t click) the sender address to see the real domain. Many include attachments described as “your 2025-26 tax assessment” which contain malware macros. Branding quality has improved markedly; logos, fonts, and layouts now closely mimic genuine ATO correspondence. The key giveaway remains the destination URL on any embedded link and any request for payment or credential verification.
Phone-call scams
Automated robocalls claim your TFN has been “suspended due to suspicious activity” and instruct you to press 1 to speak to an agent. The agent then uses a threat-and-resolve script: warn of imminent arrest or deportation, offer to resolve it by paying a fee (gift cards or wire transfer). Caller ID is spoofed to display real ATO numbers. If you receive such a call, hang up and call the ATO directly on a number from ato.gov.au — not one provided by the caller.
What the ATO will and won’t do
The ATO WILL:
- Communicate with you via your myGov inbox and by post for formal assessments.
- Give you time to respond and the right to seek independent advice before taking any action.
- Allow you to call back on a number published at ato.gov.au to verify any contact.
- Confirm identifying information (your name, address, last lodgement date) when you call them — you should not need to provide yours unprompted.
The ATO WON’T:
- Demand immediate payment in gift cards, cryptocurrency, prepaid cards, or cash.
- Threaten you with immediate arrest, deportation, or police if you don’t pay on the spot.
- Request remote-desktop access to your computer or phone.
- Send unsolicited SMS or email asking you to verify your TFN, bank account details, or myGov password.
If you’re unsure whether a contact is genuine, verify it at the ATO’s official scam reporting page before taking any action: ato.gov.au — Verify or report a scam.
If you’ve already clicked a link or shared details
- Don’t reply or click further links. Cease all engagement with the scam contact.
- Report it to the ATO via their verify-or-report page (https://www.ato.gov.au/online-services/scams-cyber-safety-and-identity-protection) or call 1800 008 540.
- Change passwords on your myGov account, email, and online banking immediately. Enable two-factor authentication on each if you haven’t already.
- Get help from IDCARE — Australia’s national identity and cyber support service at https://www.idcare.org/ (free). Their counsellors can guide you through the recovery steps specific to what you shared.
- Contact your bank immediately if you provided any payment details, card numbers, or authorised a transfer. Ask them to halt the transaction and flag your account.
Verify your real refund before trusting any message
Real ATO refunds appear in your myGov inbox with a formal Notice of Assessment, and the ATO publishes its typical processing timeframes on ato.gov.au. The safest approach is to calculate your expected refund yourself before lodging — that way, any message claiming a wildly different amount is immediately suspect. Use our refund estimator to get your real number in under a minute.
Use our refund estimator to see your real refund amount in 30 seconds — no SMS required.
General information only. This is not financial or legal advice. If you believe your identity has been compromised, contact IDCARE or your bank directly.
Last verified 2026-05-01. ATO scam-warning guidance for the 2026 tax year.