The Australian Taxation Office has recently detected cases of identity thieves fraudulently obtaining AUSkeys linked to legitimate businesses. Once an Auskey has been allocated, access is gained to the Business Portal so that fraudulent BAS can be lodged and bank details updated to accounts that are not controlled by the entity.
The ATO were able to detect the activity and take preventative action quickly. These AUSkeys have been cancelled and they are working with the affected businesses to protect their online security and monitor activity on their accounts.
Take the following steps to protect your business and to ensure your identity has not been compromised:
- check access manager to understand who in your business has AUSkey access and that their level of access is appropriate to their role
- remove access for employees who no longer work for you
- check the financial institution and contact details you have recorded with the ATO are correct.
Report any unknown or suspicious AUSkeys allocated to your organisation by calling the ATO on 1300 287 539 between 8.00am and 6.00pm, Monday to Friday.
It is good business practice to conduct these checks on a regular basis.
Source: Australian Taxation Office, small business newsroom, 2017, https://www.ato.gov.au/Newsroom/smallbusiness/General/AUSkey-fraud-alert/