Story image

Inland Revenue says watch out for tax refund scams

07 Jan 2019

Inland Revenue is warning New Zealanders to be vigilant about any ‘tax refund’ emails they receive that appear to look genuine.

Inland Revenue, which is undertaking a ‘Changing for you’ campaign, recently sent out genuine emails to more than two million New Zealanders about proposed tax changes regarding automatic tax assessments and other changes.

However it didn’t take long for scammers to pick up the scent and take advantage of the campaign for their own benefit.

Inland Revenue customer segment leader Bernadette Newman says scammers are sending convincing-looking emails, but there are key details that show that it’s a fake.

“The e-mail asks you to complete the steps below to release money owed to you. There’s a link to fill in a form with advice to ‘just fill it in and get your returns in order now’,” says Newman.

One of the emails, which copies genuine Inland Revenue and New Zealand Government logos, appears to come from provider@ird-taxingreturn.co.nz – which is not Inland Revenue’s email address.

“When you receive an e-mail like this, purporting to come from IRD, don’t click on it – but use your mouse to hover the web address and make sure it’s for a real Inland Revenue website.” Inland Revenue’s ‘Changing for you’ campaign details how automatic tax refunds can be issued to eligible customers if Inland Revenue holds customers’ up-to-date bank account information. This can be updated through myIR, the secure online portal, which is password protected."

Inland Revenue will be sending more emails about the campaign in the new year.

“You will know you’re in safe hands if you’ve been directed to myIR where a valid log-in is required,” says Newman.

“Unfortunately, scammers and phishers will try to take advantage of the volume of e-mail we’re sending and try to access bank accounts and steal people’s money. It’s important to know what a fraudulent e-mail looks like. 

“You don’t want your summer holidays ruined by a scammer so take the time to check your e-mail and delete the fakes.”

Inland Revenue will never:

• email you with the amount of your refund (only within myIR) or send you an e-mail, knock on your door or phone you promising a tax refund.

• ask you to pay money to release a tax refund. 

• send you an email with a hyperlink to a webpage that asks you to submit your personal information. 

• demand payments through NZ Post or a gift card.

If you receive a text scam message or a fraudulent call, email phishing@ird.govt.nz.

Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.