How to recognise scams and tips for staying safe online.
Recognising scams
We’re seeing an increase in email phishing scams claiming to be from the State Revenue Office (SRO).
Here are some ways you can identify a scam email:
- The sender’s email address is not from a sender with the domain sro.vic.gov.au
- The subject line is general and doesn’t indicate what the email is about.
- The format of email doesn’t match official SRO templates.
- A sense of urgency, such as asking you to action within 60 minutes.
- Suspicious links or attachments asking you to provide personal information.
The Australian Cyber Security Centre provides more information on how to spot a scam email.
Staying safe online
We have policies and procedures to protect the personal information that we hold. However, there are risks with transmitting information via the internet.
While we take security seriously, we cannot guarantee the safety of any information sent to us online – this is done at your own risk. Once we receive your information, we take reasonable steps to protect it from misuse, loss and unauthorised access, changes or leaks.
If you prefer not to use the internet, you can contact us by phone or mail. In some cases, our security guidelines may also require us to send you information by non-electronic means.
Here are some tips to help keep your data safe and secure when interacting with us online.
Passwords
- Create strong passwords by using numbers, symbols and longer passphrases.
- Never re-use the same password on more than one account.
- Change your passwords regularly and keep them private.
- Enable multi-factor authentication to add an extra layer of protection.
Networks and firewalls
- Always use a secure network, particularly for high-risk transactions.
- Avoid public Wi-Fi, as it may expose your device to malicious users.
- Keep your firewall enabled and up to date, even on a secure network.
Software updates
- Keep your computer’s operating system and browser up to date.
- Installing the latest updates ensures you have the most recent security patches.
Antivirus protection
- Use up-to-date antivirus software.
- Many programs include email scanning to help detect threats and scams.
- Do not trust pop-up windows that prompt you to download software.
Sharing information online
- Limit the personal information you share.
- Publicly available details can be used to exploit you.
- Adjust privacy settings to control what others can see.
- Avoid sharing personal information on social media and online forums.
Be scam aware
- If you receive a message that claims to be from the SRO, verify its legitimacy before responding.
- If you are unsure, stop and contact us to confirm.
Emails
Never share passwords or sensitive information, such as your bank account details, via email.
If you receive a suspicious email, follow these steps:
- Contact us on 13 21 61 or email cybersecurity@sro.vic.gov.au
- Check the sender’s email domain (e.g. @sro.vic.gov.au) for misspellings or unusual variations.
- Think before you click – hover over links to see the actual web address before opening the site.
- We use hyperlinks in emails to direct you to our website. If you are unsure, visit our website and search for the information instead.
Stay informed
Find out more about staying safe online from the Australian Cyber Security Centre.
Report an issue
Please report cyber security issues involving the SRO as soon as possible by emailing cybersecurity@sro.vic.gov.au
