Protecting your myID

Your myID (formerly known as myGovID) is your key to accessing essential services online. It verifies your identity with the ATO, ensuring that it's you logging in. But to keep things secure, it's just as important for you to protect your myID and personal information.

Unfortunately, scammers are becoming increasingly sophisticated, and we've seen a spike in attempts to steal ATO login details for fraudulent purposes. These cybercriminals are setting up fake myID websites, designed to trick people into handing over their sign-in details. Once they have this information, they can commit tax fraud or even claim refunds in someone else’s name.

The tactics they use are often sneaky. Scammers may send emails or text messages that look like they’re from the ATO, using phrases like “You are due for an ATO Direct refund” or “You have a new message in your myID inbox – click here to view.”

It’s important to remember: the ATO or myID will never ask you to sign in via email or text message links. Always go directly to the official website to log in.

We are urging you to stay vigilant and help keep your information safe!

Protecting your myID

To help protect your identity from being used fraudulently, it’s important that you:

• keep your contact details up to date in the app
• protect your email account by using strong and secure passwords as well as multifactor authentication
• turn on notifications in your app Settings to ensure you receive verification notifications and notifications when your myID is active on another device
• avoid storing images of identity documents in emails and be mindful who you share these with
• use the security features in your device, such as fingerprint and face, to log in.

Top Tips to Keep your myID safe

• Use a personal email address when setting up your myID
• If you have already set up your myID with a business email address, you can update your email address in the myID app anytime.
• Protect your personal email account
• Use strong and secure passwords for your personal email account and protect it with multifactor authentication. This is also sometimes known as 2-step or 2-factor authentication, common email services such as Gmail will also have help guides on how to do this.
• Keep your smart devices secure
• Enable built-in security features in your device such as fingerprint or face, and don't leave your devices unattended.
• If your device is lost or stolen report it straight away by calling the myID support line
• Turn on notifications for myID in your app Settings to ensure you receive verification notifications when accessing online services
• If you receive a notification when you're not actively accessing an online service, report it immediately by calling the myID support line
• Check myID setups regularly
• You can now view a summary of each time your myID has been set up. Make it a habit to check it regularly.
• Protect your identity documents
• Avoid storing images of identity documents or document/card numbers in any email folders.
• If you have sent these over email (for example to a bank) make sure you delete them from your sent items.
• Be mindful who you share your identity and personal information with (including through online quizzes that may seem innocent but are designed to harvest your personal information).
• Increase the security of your myID by verifying additional identity documents
• If you have an Australian passport (expired no more than 3 years) you should verify it along with your photo. Verifying your photo is a real time, one-off face verification check that scans your face to check you’re a real person, and verifies that you are the right person.
• Don’t share your myID, provide your log in code or enter your log in code for anyone
• Each employee of a practice must set up their myID on a unique device.
• Don’t allow others to share or use your device or login code. Sharing might seem convenient but remember that it also provides others with access to your personal data across online services.
• Report suspected inappropriate access
• If you suspect someone has inappropriately accessed your personal information in myID, report it immediately by calling the myID support line
• Stay on top of your cyber hygiene
• Run software updates straight away, keep antivirus software up to date, and always be careful when clicking on links and providing personal identifying information.

Support and Information Available

Remain alert and call the ATO  support line immediately to report:

• a lost or stolen device
• a device or record you don’t recognise in your myID setup history  
• inappropriate access to your personal information in myID – even if you only suspect it
• suspicious activity – For example, you’ve received a verification notifications when you are not actively accessing an online service or a notification your myID is active on another device when you haven’t set up your myID again.

If you suspect you are a victim of fraud, you should:

• report the circumstances to the police
• phone the ATO Client Identity Support Centre on 1800 467 033.

Remember, your myID is exclusively yours. Don’t share it with anyone, as it could open the door to unauthorised access to critical services like your tax records and health information. Safeguarding your myID is a crucial part of protecting your identity and personal security.