Proudly supported by

Australian Government logo


Resources Hub / Small business cyber basics / Be prepared for end-of-financial-year cyber attacks

Be prepared for end-of-financial-year cyber attacks



Be prepared for end-of-financial-year cyber attacks

Tax time and the end of financial year (EOFY) are one of the busiest times for small businesses.

In addition to standard business operations, many small businesses run EOFY sales and there are tax, payroll and superannuation obligations that require additional time and focus.
That makes this the perfect period for cyber criminals to pounce.

Small business owners and staff need to be prepared and alert to the increased activity to avoid being a victim of cyber attack.

Here is how to be prepared for EOFY cyber scams.

How cyber criminals can target your small business this EOFY

The EOFY marks a time with additional compliance activities and when many small business operators have increased dealings with the Australian Tax Office (ATO), the Australian government’s MyGov website and financial institutions.

Cyber criminals know this and attempt to impersonate these trusted organisations to scam small businesses.

Common scam activities include:

What can I do to protect my small business from EOFY cyber attacks

There are a number of practical ways you can help protect your small business from the most common EOFY cyber attacks:

1. Be aware of texts or emails from the ATO

At this time of year, it’s important to be especially wary of any emails, phone calls, texts or social media messages claiming to be from the ATO or myGov.

Don’t engage with it if you aren’t confident that it’s genuine.
The ATO reported that between 2021-22 and 2022-23, contact by scammers via email jumped 179% and more than 400% for SMS.

The ATO says it will never send an unsolicited SMS that contains a hyperlink. It also has clear and simple information on its website about recent scams and how to verify genuine communication.

2. Consider using e-invoicing software to protect your information

Small businesses are increasingly losing hard-earned money to fake invoices and payment redirection scams.

e-Invoicing software is becoming a popular way to send and record bills without sending PDF invoices via email. It enables businesses to send and receive invoices directly to and from their accounting systems and record bills without data entry.

Peppol, an international eProcurement framework, was adopted by the Australian government in 2019.

Xero and MYOB are examples of companies that use the accredited e-invoicing protocol.

3. Banish poor processes and weak passwords

Lazy cyber security habits make small businesses vulnerable to cyber attacks.

  • Implement multi-factor authentication (MFA) to protect your email and business accounts.
  • Also upgrade to unique passphrases on all log-ins and consider a password manager to safely store your passwords.
  • Make sure you set your apps, plug-ins and browsers to auto-update so you have the latest security updates.

4. Don’t let your guard down when you are busy

When you are busy and tired, it’s harder to spot a scam, fake invoice or phishing attack.

Be careful whenever someone insists that you must act immediately, whether it’s to pay an invoice or attend to an account upgrade.

Come back to the task when you have more time and can read and consider the request properly.

Make sure to stick to your usual banking and payment processes.

Watch out for red flags such as strangely configured email addresses, unusual or “confidential” requests or unsophisticated language and typos.

Don’t let EOFY be the end of your small business

You don’t have to be a tech wizard to protect your small business during EOFY and tax time.

There are many simple and practical steps you can take to make sure your business isn’t a victim of a cyber attack at this busy time of year.


Consider making one of your new financial resolutions to take the free and fast Cyber Wardens training course, and get your staff to sign up too.

It only takes 2 minutes to start your journey to being more cyber secure, by enrolling in the free and simple Cyber Wardens online training. The course is self-paced and you’ll learn simple steps for small business quick wins in cyber security.

Help protect your small business from scams and hackers with free and simple cyber security training


Learn easy and simple cyber security tips for your small business


More helpful resources for you and your business

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.