Beware of a New ATO DocuSign-Style Email Scam

Written By Kristy Paltridge

At Maher Group, we’re committed not only to helping you with your accounting, finance, mortgage and wealth-planning needs, but also to keeping you informed about threats that could impact your financial life. One recent scam deserves particular attention.

What’s Going On

The Australian Taxation Office (ATO) has warned of a phishing email campaign impersonating them. These emails mimic legitimate “DocuSign”-style requests, asking recipients to view or sign tax-related documents. The message may claim you have a tax refund, a tax debt, or a document to sign and it includes a link or attachment that takes you to a fake website.

Scammers hope you’ll click the link, enter personal or banking information, or inadvertently give them access to your accounts.

The ATO emphasises:

  • They will never send an unsolicited email asking you to log into your myGov/ATO account via a hyperlink.

  • They will never threaten immediate arrest or demand payment of tax debts through unusual methods.

  • If something feels off, always check via official channels, such as myGov or the ATO phone line, rather than trusting the email.

Why It Matters

Your personal tax file number (TFN), bank details, and identity information are extremely valuable. If scammers gain access, they could:

  • File false tax returns and claim refunds

  • Divert refunds or payments to accounts you don’t control

  • Use your identity to commit other forms of fraud

This is not hypothetical! Reports of ATO-themed impersonation scams have increased significantly in recent months.

How to Recognise the Signs

Watch out for these red flags:

  • Emails claiming to be from the “ATO” or “Tax Office” when you weren’t expecting any correspondence

  • Links asking you to “review”, “sign”, “release” your tax return, or “confirm bank details”

  • Sender addresses that don’t match official ATO domains

  • Urgent or threatening language such as “You must act now” or “Your refund will be void”

  • Requests to click links, enter login credentials, provide bank details, or download attachments

  • Spelling or grammar mistakes, or odd formatting

What You Should Do

Stop -  Do not click any links or download attachments until you’ve verified the email.

Check - Access your official ATO/myGov account directly by typing the address into your browser, or call the ATO on 1800 008 540 to confirm the email’s legitimacy.

Protect – If you have already clicked a suspicious link or provided personal information:

  • Contact your bank immediately if any payments were authorised

  • Change your passwords and enable two-factor authentication (2FA) where available

  • Monitor your tax and bank accounts for unusual activity

  • Report the incident via [email protected] or the ATO’s online reporting form

Kristy Paltridge
Next

The Rising Cost of Retirement: Do You Really Need $1 Million in Super to Retire Comfortably in Australia?