Tax Season Scams Are Starting Early. Here Is the One That Targets Australian Small Businesses First

7 Feb 2026

Tax time is approaching fast in Australia. Accountants are getting busier, bookkeepers are collecting documents and every business owner is thinking about payroll, payment summaries, BAS deadlines and ATO reporting. 

What most people do not think about is the first major tax season threat, the scam that shows up before the paperwork even begins. 

And every year there is one scam that hits Australian small businesses first because it is simple, believable and easy for criminals to automate. It often lands in inboxes long before anyone realises what is happening. 

The Payroll Information Scam That Hits First 

Here is how it works. 

Someone in your business, usually the person who manages payroll, finance or HR, receives an email that appears to be from the owner, CEO or a senior manager. 

The message is short and urgent. 

“Hi, I need copies of all staff payroll records for a meeting with our accountant. Can you send them through today, I am flat out.” 

Nothing about this message looks suspicious. 
The tone feels familiar. 
The timing feels normal. 
The request seems perfectly reasonable during tax season. 

So your employee sends the files. 

But the email did not come from the CEO. It came from a criminal using a fake but convincing email address or a domain that looks almost identical to yours. 

The attacker now has access to highly sensitive employee information, including: 

  • Full names 
  • Tax file numbers 
  • Home addresses 
  • Salary and payroll details 
  • Employment dates 

It is everything a criminal needs to commit identity theft and lodge fraudulent tax returns before your employees even get a chance. 
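The impersonation described above leaves two sender signals a mail filter can check before the request reaches payroll: a domain that is one or two characters off your own, and a leader's display name on an external address. The sketch below is an added example, not BlueReef's tooling; the domain, the executive name and the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: replace with your own mail domain and leadership names.
ORG_DOMAIN = "example-business.com.au"
EXECUTIVES = {"jane citizen"}
PAYROLL_TERMS = re.compile(r"payroll|payslip|payment summar|tax file number|\bTFN\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains one or two characters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(raw):
    """Return the reasons a message should be held for second-channel verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    if domain != ORG_DOMAIN:
        if edit_distance(domain, ORG_DOMAIN) <= 2:
            reasons.append("lookalike-domain")
        if name.strip().lower() in EXECUTIVES:
            reasons.append("executive-name-external-sender")
    # Payroll wording alone is normal at tax time; it only matters with a sender signal.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}"
    if reasons and PAYROLL_TERMS.search(text):
        reasons.append("payroll-data-request")
    return reasons

# Constructed samples; the body is the request quoted in the article.
BODY = "Hi, I need copies of all staff payroll records for a meeting with our accountant."
def sample(sender):
    return f"From: {sender}\nSubject: Quick request\n\n{BODY}"

if __name__ == "__main__":
    for s in ('"Jane Citizen" <jane@example-busines.com.au>',
              '"Jane Citizen" <jane.ceo@freemail.example>',
              '"Jane Citizen" <jane@example-business.com.au>'):
        print(s, "->", review(sample(s)) or "no sender signal")
```

This check only covers lookalike and external senders; a message forged with your exact domain in the From header is a job for SPF, DKIM and DMARC enforcement.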

What Happens After the Breach 

Most businesses do not discover the scam right away. 

The first clue usually appears when an employee tries to lodge their return and receives a message from the ATO that a tax return has already been submitted for their TFN. 

Someone has already claimed their refund. 

Now they are dealing with the ATO, identity theft services and weeks of unnecessary stress trying to prove who they are. 

Multiply that across your entire payroll. 

Then imagine having to tell your team that their information was leaked because someone responded to an email they thought was from the boss. 

This is no longer just a cybersecurity issue. It becomes a trust issue, an HR issue and in some cases a legal and reputational problem.

Why This Scam Works So Well 

This scam is not obvious. It works because: 

  • The timing feels normal. Payroll information moves around a lot at tax time, so no one questions it. 
  • The request is believable. Unlike money transfer scams, sending payroll files does not raise suspicion. 
  • The urgency makes sense. Leaders are genuinely busy during this period, so a quick request sounds legitimate. 
  • The sender looks real. Scammers research names, roles and even your accountant. They do their homework. 
  • Employees want to help. When a message looks like it comes from the boss, people act fast. 

Scammers win because they target human behaviour, not technology. 

How to Protect Your Business Before This Scam Lands 

The good news is that this scam is easy to stop with the right rules and culture in place. 

1. No payroll documents sent by email. Ever. 

Payment summaries, payslips and payroll reports must never leave the building through an email attachment. If someone asks for them via email, the answer is no. 

2. Verify any sensitive request using a second channel 

Call the person. Send them a Teams message. Confirm in person. 
Never reply to the suspicious email. Never trust a phone number listed inside it. 

3. Hold a ten-minute tax season briefing with payroll and HR 

Do this now. Not next month. 
Make sure your team knows these scams are coming and understands exactly what to do. 

4. Lock down payroll systems with multi-factor authentication

If someone’s password gets phished, MFA blocks the attacker from logging in. 

5. Make verification part of your culture 

The staff member who double-checks a request from a senior manager should be thanked, not made to feel they were being overly cautious.
When checking is normal, scams fall apart. 

These five steps can be implemented this week and they will stop the most common early season scam. 

The Bigger Picture 

The payroll information scam is just the warm-up. As tax time approaches, expect more threats disguised as:

  • Fake ATO notices demanding urgent payment 
  • Emails pretending to be software updates from Xero or MYOB 
  • Messages that look like they came from your accountant 
  • Invoices timed to blend into end of financial year chaos 

Tax season is a perfect storm for cybercriminals. Everyone is busy. Everyone is moving fast. Financial requests do not look unusual. 

Businesses that get through tax season safely are not lucky. They are prepared. 

Is Your Business Ready? 

If you already have policies, awareness and protection in place, you are ahead of most small businesses. 

If not, now is the time to prepare. Not after something goes wrong. 

If this sounds like your business, book a ten-minute discovery call with BlueReef. We can review:

  • Your payroll access and security 
  • MFA setup and gaps 
  • Email protections that stop spoofed messages 
  • The one policy change most businesses overlook 

If this does not sound like you, great. But chances are you know a business owner who needs to see this. Share it. It could save them a very expensive problem. 

Book your ten-minute discovery call today.
Call us on 08 8922 0000 or visit our contact page: https://www.bluereef.tech/contact 

 


© 2008 - 2020 BlueReef Technology (Tropical Business Solutions Pty Ltd)