Be especially aware of scams as we near the end of financial year

New Zealand’s financial and tax year end is 31 March, and as that date approaches, people have a higher anticipation of having contact with Inland Revenue for income taxation matters.

Con artists are expected to try duping people during what may be a stressful time of year. As fraudsters overseas start using artificial intelligence to write new scam scripts, watch out for more old-fashioned tax scams.

Some tax scams are phishing expeditions, when scammers impersonate well-known companies or agencies to trick people into handing over credit card details or personal information. With AI, we can no longer rely on poorly written email as a tip-off that it is a possible scam. Facilities like ChatGPT write very passable, realistic content that mirrors and is consistent with genuine email issued by banks or Inland Revenue.

Throughout the year, people should be wary of any emails or texts purporting to come from IRD and saying there is a refund to collect or a tax bill to pay.

Also avoid clicking on links or attachment in emails.

Inland Revenue also indicates these are other signs of a possible scam:

• They might ask for passwords to your online accounts. Legitimate organisations will never ask for passwords.
• Scammers often give website or email addresses that are wrong but look almost right. For example, they might send you to ird.co.nz, ird.qovt.nz or ird.gov.nz, instead of the correct ird.govt.nz
• A scammer may ask for your bank account details. We'll never ask you to email or text us this information – we'll always ask you to supply this through myIR.

Other information about possible scams is available on their website, including a reference to where a scam should be reported. (phishing@ird.govt.nz)

As this newsletter has been being finalised, comes the news of a major data breach of the Latitude Financial group. Reports indicate data theft of over 14 million customer records, including driver’s license and passport details. Customers of Latitude and its related clients (i.e. Harvey Norman and Kiwibank) are likely to be bombarded with convincing phishing attacks using the stolen data to obtain financial details, while scammers could also buy the information online to attempt identity fraud. Although some are saying the information stolen is old and possibly out of date, experts are saying it won’t be the last of such breaches.

As we reported to you earlier, scamming and ransomware are real and happen so it pays to be vigilant and aware, especially this time of year.