Message from the ATO: Check your Access Manager Permissions
We have detected criminal activity where identity thieves have fraudulently obtained AUSkeys linked to businesses. They have used these to access the portals, lodge activity statements and change account details for refunds.
We were able to take preventative action quickly. These AUSkeys have been cancelled and we are working with the affected businesses to protect their online security and monitor activity on their accounts.
To help protect your practice from identity theft, we recommend you take the following steps:
- use Access Manager regularly to check people's level of access to the portals is appropriate
- cancel AUSkeys (in AUSkey Manager) for people who no longer work for you
- immediately disable or remove a person's account if you have any concerns about their activities
- ensure that each person who deals with us online on behalf of your practice has their own AUSkey
- keep passwords secure – they must not be shared
- report any unknown or suspicious AUSkeys by phoning 1300 287 539 between 8.00am and 6.00pm, Monday to Friday.
Original article can be found here - Check your Access Manager Permissions