Compromised TFN? How to Spot the Signs and Stop the Scammers

“I just got a letter saying I received my tax refund, but I haven’t even lodged my return yet.”

That’s the last thing any tax accountant wants to hear you say. Unfortunately, it’s a message we get almost every tax season from confused Australians who don’t realise their Tax File Number (TFN) has been compromised. 

Your TFN might look like a random string of digits, but in the hands of cybercriminals, it can unlock your entire financial life. This unique identifier opens the door to your tax records, superannuation, government benefits, and countless financial services. Once criminals compromise your TFN, they can create elaborate schemes to steal your tax refunds, access your superannuation, claim government benefits, and even set up fraudulent businesses in your name. The cleanup process could then take months, creating headaches that make filing your tax return seem enjoyable by comparison.

We see it happen all too often. Each year, thousands of Australians discover their TFN has been compromised, usually months after scammers started using it. In our five decades of accounting work, we’ve guided countless clients through these nightmares, learning exactly what works to protect your TFN and what doesn’t. In this guide, we’ll share everything we’ve discovered about stopping scammers before they strike.

By the time you finish reading, you will: 

  • Understand the warning signs of TFN compromise
  • Know exactly what steps to take if your TFN is stolen
  • Have a solid plan for preventing future security breaches. 

Whether you’re worried about your TFN security or just being proactive, ITP’s tax experts have got you covered.

How Does a TFN Get Compromised?

Cybercriminals are creative in their attempts to obtain TFNs. Common methods include:

  • Phishing emails masquerading as the ATO
  • Phone scams claiming to be government representatives
  • Data breaches from employers or service providers
  • Malware that captures information entered on tax-related websites
  • Social engineering tactics that trick people into sharing personal information
  • Fake job applications requiring TFN details

The most peculiar case we handled involved a scammer who convinced someone their TFN had expired—which is about as possible as your birthday expiring. 

Pro tax tip: TFNs are for life, unless you’re explicitly issued a new one by the ATO.

Signs of a Compromised TFN 

The tricky thing about TFN theft is that criminals often make their moves quietly, hoping to extract maximum value before you notice. While some signs are obvious, others can be subtle enough to slip past even the most vigilant taxpayer. Regular checks of your ATO account can help you spot these red flags early.

You might be dealing with a compromised TFN if you notice:

  • Unexpected correspondence from the ATO about returns you haven’t lodged
  • Tax debts appearing that you know nothing about
  • Income reported from employers you’ve never worked for
  • Changes to your myGov or ATO account details you didn’t make
  • Small, suspicious alterations to your contact information (like a single digit changed in your phone number)
  • Multiple tax returns lodged in your name
  • Your legitimate tax return being rejected because one has already been filed

Don’t dismiss small discrepancies—scammers regularly start with minor changes to test the waters before attempting larger fraud. If you spot any of these warning signs, no matter how insignificant they might seem, it’s worth taking immediate action. Better to be overly cautious than to give criminals more time to abuse your identity.

What Can Scammers Do With Your TFN?

Most of us spend years carefully building our credit scores—making payments on time, keeping debts under control, and staying on good terms with the ATO. A scammer with your TFN can undo all that work faster than you can say “identity theft.”

With your compromised TFN, scammers could:

  • Lodge fraudulent tax returns and steal refunds
  • Open bank accounts or apply for credit cards
  • Claim government benefits in your name
  • Register fake businesses
  • Create false identities for money laundering
  • Access your superannuation
  • Apply for loans using your identity

Of course, for many of these schemes, they’d also need other personal details. However, the TFN could be just one element of the information they seek to steal from you. 

One of the most frustrating aspects is that scammers can wreak this havoc in mere hours. Meanwhile, cleaning up their mess can be a tedious, frustrating, and seemingly endless process that drags on for months. 

Worse still, many victims don’t discover the extent of the damage until they’re denied a loan or receive a hefty tax bill for a business they never knew they “owned.” This is why prevention and early detection are crucial—you don’t want to find out about your thriving fake business empire through an ATO audit.

Protecting Your TFN: Prevention Is Better Than Recovery

There’s a reason why your accountant blanks out your TFN in their communications with you—it’s a highly sensitive piece of information, and it needs to be treated with care. 

Here’s how to keep yours secure: 

  • Only provide your TFN to authorised recipients (employers, banks, super funds)
  • Never send your TFN via email or unsecured messages
  • Store any documents containing your TFN securely, preferably in encrypted digital storage or a locked cabinet
  • Shred or securely destroy documents containing your TFN when no longer needed
  • Set up multifactor authentication on your myGov account
  • Use strong, unique passwords for all your accounts
  • Regularly monitor your ATO account for unexpected activity
  • Be suspicious of any unsolicited contact claiming to be from the ATO

And here are a few general digital security best practices that will keep all your personal data safe, including your TFN:

  • Accept the latest security patches for your software and devices
  • If you’re running Windows, install and maintain reputable antivirus software
  • Use a reputable password manager to generate and store unique and complex passwords
  • Avoid accessing tax-related services on public Wi-Fi networks
  • Regularly check your credit report for suspicious activity (you can get a free credit check with Experian every 3 months)
  • Enable notifications for all account changes

These might seem like obvious steps—perhaps even excessive to some—but we’ve seen enough TFN horror stories to know that what looks like paranoia to your friends today could save you months of anguish and bureaucratic gymnastics tomorrow.

What to Do if Your TFN Is Compromised

If you’ve noticed anything suspicious with your TFN, act fast. The longer you wait, the messier things will get. 

Here’s your action plan:

  1. Contact the ATO’s Client Identity Support Centre right away (1800 467 033). They’ll place immediate protective measures on your tax account while they investigate any unauthorised activity.
  2. Report the incident to IDCARE (1800 595 160). Their counsellors can create a tailored response plan for your situation and provide direct support for securing your identity documents, dealing with credit issues, and preventing further compromise.
  3. You’ll likely be instructed to take these critical steps:

Immediate Actions

  • Contact myGov and report the compromise
  • Unlink all services from your existing myGov account
  • Create a new myGov account with enhanced security settings
  • Change passwords for all your online accounts
  • Contact your bank and credit card providers
  • Place a ban on your credit report through credit reporting agencies

Security Enhancement Steps

  • Set up strong security on your new myGov account using multiple forms of ID
  • Consider changing your phone number if it was compromised
  • Update all your contact details with service providers
  • Monitor your accounts and credit report regularly
  • Keep records of all communications regarding the compromise

Documentation Requirements

When securing your accounts, you’ll need:

  • Driver’s license
  • Passport (if available)
  • Birth certificate
  • Medicare card
  • Bank statements
  • Other forms of ID

What to Expect During the Recovery Process

The ATO will typically lock your account during investigation, preventing unauthorised changes. This protective hold means you’ll need extra verification steps for any tax activities, which may be a bit inconvenient. But it will also stop scammers from causing further damage, making it an important step.

The good news is that your tax agent can still lodge returns for you during this period. Just be prepared that processing times may be longer. This is because the ATO will be working to:

  • Verify your identity
  • Review recent account changes
  • Investigate suspicious activities
  • Remove fraudulent returns
  • Process legitimate returns
  • Restore account security

Future-Proofing Your Tax Security

Once you’ve recovered from a TFN compromise, you can protect yourself in the future by:

  • Regularly reviewing your tax account
  • Keeping your software and security updated
  • Maintaining secure password practices
  • Staying informed about new scam techniques
  • Subscribing to scam alert services

Pro tax tip: The ATO will never send emails or texts requesting personal information or TFN details. They won’t threaten you with arrest, demand immediate payment through unusual methods, or ask you to click on links to claim refunds. 

If you’re ever feeling pressured or frightened by a call or email, this is a big red flag that it’s a scam. You’re always within your rights to hang up or step away from the screen, check with someone you trust, and then call the institution directly on the number listed on their official website. 

Want to learn more about protecting yourself from scams? Visit our guide to tax scams and how to avoid them

Moving Forward After TFN Compromise

A compromised TFN isn’t the end of the world, but recovering from it requires immediate action and ongoing care. Like going to the dentist, it’s not the most enjoyable task on your to-do list, but addressing it quickly will prevent more serious (and costly) problems down the track.Need help securing your tax affairs? Our team of experienced accountants can guide you through the process of securing your accounts and ensuring your ongoing tax compliance. We’ve seen it all—from simple phone number alterations to elaborate identity theft schemes—and we know exactly how to help you recover and protect yourself going forward. Give us a call, send us an email, book an appointment online, or drop into your nearest branch—then consider your tax troubles sorted.