Tax time leads to 400% increase in cyber attacks: Businesses warned to be vigilant in face of “crime epidemic”


Email security software provider MailGuard has seen a 400% increase in cyber attacks and phishing scams being delivered to inboxes over the past two weeks, a reminder to SMEs that the lead-up to tax time is a critical period to protect themselves.


In the 18-day period between May 29 and June 15, the company intercepted more than 15 “significant” attacks of varying sizes, close to one a day. MailGuard chief executive Craig McDonald warns businesses that this frequency could become “the norm” as the year progresses.

“In the last 24 months, we’ve seen a 300% increase, and in the past two weeks criminals have really kicked it up a notch,” McDonald tells SmartCompany.

Though MailGuard usually notes an increase in scams towards the end of the financial year, the volume this year has been higher than usual. Recently, a “low-tech” email impersonating Westpac bank hit numerous inboxes, while a fraudulent ASIC email was sent out in late May.

“Most businesses have heavier commitments around closing out the end of financial year, and if you’re going to try and trick someone, it’s best to do it when they’re the busiest,” he says.

“It’s still the same tactic of impersonating brands and regulators we know, like Telstra or the ATO, they’ve just stepped it up.”

During these busy periods, taking a minute to slow down and double check the legitimacy of an invoice or a suspicious email can save businesses from the highly opportunistic “seagull-like” scammers, says business security expert at Sophos, David Sykes.

Most businesses fall for these scams because they are expecting it, says Sykes, likening the situation to expecting a package from eBay.

“You click on something in your inbox that you were half expecting, and that’s it, you’re compromised,” he says.

“There’s a saying in the security industry: Assume you’re being compromised and work back from there. Unfortunately, businesses have got to assume they’re being targeted, so satisfy the email or invoice is legitimate before you process it.

“Don’t get click happy and jump on the hyperlink.”

Sykes also advises businesses to watch out for the information being requested in an email, saying if it “asks for anything other than the colour of your lawn, delete it”.

As businesses and employees get ready for tax time, McDonald believes educating executives and staff around the best processes when dealing with potential scams is imperative.

Most importantly, he says business owners should let their staff know it’s okay to ask questions, no matter “how awkward” they may be.

“If someone is purporting to be a senior executive and they’re asking for a transfer or transaction, pick up the phone and ask them if they requested it,” he says.

“However uncomfortable it may be to ask that question, it’s better to have an awkward conversation today rather than to not have a job tomorrow.”

Overall, McDonald says it’s time for businesses to become “aggressively aware” of the risks of cyber attacks, which he believes is now a “crime epidemic”.

“We have to be aggressively aware that this problem is not going away, these attacks exist and they’re only going to increase as a factor in everyone’s daily lives.”
