Don’t Get Hooked: Common EOFY Scams (and How to Avoid Them)

Why scammers love tax time—and how to stay one step ahead all year round.

Every year as we edge closer to the end of the financial year, scammers sharpen their tools. Fake tax returns. Suspicious refund notices. Sudden “errors” you’re urged to fix within 24 hours. These scams aren't just annoying—they're designed to steal your money, your personal information, or both.

Here’s the thing: scammers love tax time, but they’re not seasonal creatures. Their tactics pop up year-round, disguised as everything from car registration reminders to overdue toll payments, energy rebates, account alerts, and beyond.

So how can you spot a scam—and avoid the hook?

1. Look out for pressure tactics

Many scams use urgency to force quick decisions:

“You must respond within 24 hours.”
“Your refund is on hold.”
“Failure to act will result in penalties.”

This sense of urgency is designed to bypass your usual caution. Slow down. Take a breath. Legitimate organisations will never pressure you to act instantly.

2. Check the sender and links

Scam emails often impersonate real departments but use dodgy domains—like irdgov@nz.in or link to strange URLs that mimic official sites.

A good rule of thumb? Don’t click. Instead, go directly to the organisation’s official website or contact them using a verified phone number.

3. Beware of attachments

Scammers know how to trigger curiosity. A PDF titled “2023 Tax Return – Error Detected” might look important, but opening it can expose your device or prompt you to enter personal details.

If you weren’t expecting a document, don’t open it.

4. Watch for impersonations beyond tax season

Some of the most common non-tax scams we’ve seen recently include:

  • Fake car registration or warrant of fitness reminders

  • Overdue toll payments or speeding fines

  • Energy bill “refunds” or overpayment notices

  • Bank alerts requesting you to “verify unusual activity”

All follow the same formula: appear urgent, mimic authority, and prompt you to click or reply.

5. Identity theft is the real goal

Scammers often use these tactics to gather just enough personal info to impersonate you or lodge a fake tax return in your name. That’s why it's critical to keep your identity secure:

  • Use multi-factor authentication

  • Protect your passwords

  • Avoid sharing personal information over email or text

  • Be cautious about what you open or click on

Final thought: Stay curious, not click-happy

We’re proud to partner with Phriendly Phishing, who provide fun, interactive ways to help teams recognise and report suspicious activity before it becomes a problem.

Want to test your scam-spotting skills? Try their interactive “Spot the Scam” email exercise it’s more fun than it sounds, and way more useful than ignoring the problem.

Need help training your team to spot scams?

Get in touch with Think Concepts we’ll help you keep your people, devices, and data safe.

 
 
Previous
Previous

MISSION POSSIBLE

Next
Next

The Rise of AI-Driven Cybercrime: What New Zealand Businesses Need to Know