In July, a small business owners thoughts turn to tax - and scammers are ready to take advantage of that.
There are tens of thousands of reports from businesses concerning tax-related scams at this time of year, according to security vendor Sophos's ANZ general manager Ashley Wearne.
These scams usually target the owner of the business, as they are usually the busiest person in the organisation at this time of year, and it's so easy for them to click on the wrong email when they are going through their inbox in a hurry.
"It's a very common thing, and successful for the scammers," he says.
Businesses lost $4.7 million to these sorts of scams last year, so "you need to take a bit of care."
Wearne says people should watch out for emails purporting to come from the ATO, ACCC or other government bodies, and pause before opening them. "Why would you rush to have an interaction with the ATO?" he asks
"These guys are very clever. This is the ideal time for them," he says. So remember that the ATO already has your information, and that "the real ATO won't ask you to click on a link."
If you think such an email looks genuine, go directly to the ATO's site (type the www.ato.gov.au URL directly into your browser; don't rely on a link you find in an email or on a web page), or phone them (similarly, use the inquiry number shown on a recent tax return or other printed communication from the ATO).
"Anyone who has money is dealing with the tax department," he says, and having money makes them targets for scammers.
So ask yourself "how many times do you want to pay your tax?" Once to a scammer and then again to the ATO?
Also beware of emails purporting to come from banks, insurance companies, health funds and so on, he warns. These organisations often send summaries at this time of year, so it's tempting to open emails that pose as messages from such organisations and then open any attachments or click on the links they contain.
Technology can provide some protection. Spam filters - especially those operated by providers with very many customers - can help stop the scams from arriving, and modern security software can intercept attempts to visit 'known bad' sites such as those used by scammers.
But it is important that people don't come to rely on such measures - they must keep up their guard.
One way this can be encouraged is by sending scam-like emails to the people within your organisation to see who clicks the links. The culprits can then be suitably counselled. This practice vastly improves awareness, says Wearne, but there will still be some serial offenders who require other measures.
Scammers aren't only using email, Wearne warns. Scam SMSes are becoming more common. From the scammer's point of view they are relatively simple as there is no need for logos or sophisticated content. Something like "Your ATO data has been compromised - click this link to check" can do the trick. Yes, it does cost money to send an SMS, but the Bad Guys aren't worried about breaching a carrier's terms and conditions, or using someone else's account with a bulk SMS service.
The ATO's Scam Alerts page warns of SMS scams that say a tax refund is due and ask for personal information including the victim's tax file number, and credit card number and CVV number so it can be paid. Consequently, money goes out of the victim's account, not into it.
So be on your guard when you see a communication from the ATO, even - no, especially - when you are busy.