From – https://www.ato.gov.au/Newsroom/smallbusiness/General/AUSkey-fraud-alert/?sbnews20170201
We have recently detected cases of identity thieves fraudulently obtaining AUSkeys linked to legitimate businesses. Once an Auskey has been allocated, access is gained to the Business Portal so that fraudulent BAS can be lodged and bank details updated to accounts that are not controlled by the entity.
We were able to detect the activity and take preventative action quickly. These AUSkeys have been cancelled and we are working with the affected businesses to protect their online security and monitor activity on their accounts.
Take the following steps to protect your business and to ensure your identity has not been compromised:
1.check access manager to understand who in your business has AUSkey access and that their level of access is appropriate to their role
2.remove access for employees who no longer work for you
3.check the financial institution and contact details you have recorded with us are correct.
Report any unknown or suspicious AUSkeys allocated to your organisation by calling 1300 287 539 between 8.00am and 6.00pm, Monday to Friday.
It is good business practice to conduct these checks on a regular basis.