We’re seeing an increase in reports about an email scam impersonating the ATO.
Scammers are emailing clients advising them that due to ATO security updates, they are required to update the multifactor authentication (MFA) on their ATO account.
The scam email includes a QR code which takes you to a fake myGov sign in page, designed to steal your myGov sign in details.
The images above are examples of what the scam may look like.
The ATO will never send you an email with a QR code or a link to log in to our online services.
If you receive an email like this, do not scan the QR code, click on links, open attachments or download files. Forward the email to firstname.lastname@example.org, and then delete it.