Check stock where you need it!

You're expecting emails from the ATO this month. So are the scammers.

25th May 2026

You're probably waiting on a few emails this month. Something from the ATO. A message from your accountant. Maybe an update from Medicare or your bank.

Scammers know that. And they're counting on it.

At King IT we're seeing a real spike right now — customers walking in after clicking something that looked completely legitimate. A fake ATO notice. A Medicare update. A bank security alert. By the time they realise something was off, the damage is usually already done.

Here's what to watch for this month, and what to do if you think you've been caught out.

The four scams hitting hardest right now

  1. The fake ATO refund.  An email or SMS saying you're owed a refund and you just need to confirm your details. The ATO will never ask for your bank details, password or myGov login by email or text. Ever.

  2. The Medicare or myGov "update required" message.  A link that takes you to a page that looks identical to the real thing. You enter your details. They now have access to your government services.

  3. The bank security alert.  "Suspicious activity detected — click here to verify." The link goes to a fake login page. Your real bank will not email or SMS you a link to log in. If you're unsure, open the app yourself.

  4. The accountant impersonation.  An email that looks like it's from your accountant or bookkeeper, with new payment details for an invoice. Always call to confirm new bank details — even if it looks legitimate.

Three signs an email or text isn't what it claims to be

  • The sender's email address doesn't quite match — extra letters, a different domain, a slight misspelling.
  • There's pressure to act now. Real institutions don't threaten you with a five-minute deadline.
  • It asks you to click a link to "verify" something. Open the app or website yourself instead — never through the link.

If you think you've already clicked

Don't panic. But don't wait either.

  • Stop using the device for anything sensitive (banking, email, myGov).
  • Change the password on any account you logged into — from a different device if you can.
  • Call your bank if any financial details were entered.
  • Report it to Scamwatch.
  • Then bring the device in to us. We'll check it properly, look for anything that shouldn't be there, and lock the important accounts back down.

Worried you've clicked something you shouldn't have?

Bring your device in. We'll do a proper check, secure your accounts, and walk you through what happened so it doesn't happen again. We're open 7 days a week — find your nearest King IT store at kingit.com.au.