Nearly 19 million Australians have been warned about a scam email that appears to be sent from myGov, but is designed to steal taxpayers’ private details.
Email security service MailGuard issued an alert on the phishing email, warning that the scam is particularly dangerous as myGov is an access portal to other benefits like Medicare, JobSeeker and JobKeeper.
“Anyone falling victim to this scam will be vulnerable to having all of these government accounts compromised and their identity stolen which can lead to serious repercussions,” MailGuard said in a blog post.
“Since this scam also targets users’ financial information, their credit card credentials can be used to make fraudulent purchases, potentially leading to significant financial losses. Credentials are also likely to be harvested for use in future cyber-attacks, for identity fraud and sold on the dark web.”
There are 18.7 million active myGov accounts, according to the Digital Transformation Agency’s 2019-20 annual report, heightening the risk that the scam might be successful in fooling unsuspecting Australians.
Additionally, scammers are preying on the fact that Aussies are in desperate need of financial assistance at the moment, and are accessing government assistance through myGov.
“This is a particularly sinister scam as cybercriminals are attempting to exploit vulnerable Australians, many of whom are suffering economic hardship as a result of the economic uncertainty caused by Covid-19.”
“By falsely claiming that users are eligible for a refund, the cybercriminals behind the attack are cruelly capitalising on those unfortunate circumstances.”
What does the scam look like?
The email claims that the recipient is eligible to receive $130.81, and asks victims to fill out a “Secure Form” to get this refund.
“When users click the ‘Secure Form’ button they are presented with a fake myGov login page. This is a very faithful replication of the actual myGov login page, complete with high-quality branding elements (including the myGov and Australian Government logos) and support links,” MailGuard said.
“However, the domain used in the page URL doesn’t belong to myGov or the Australian government. Instead, the page URL begins with ‘airenherbals[dot]com’ – a red flag pointing to its illegitimacy.”
The web page you are taken to is a phishing page that is hosted on a compromised website in India.
Any of your personal details, that is, your myGov username or email address and password, is stored and harvested.
Victims are then taken to a different webpage that asks for more expensive personal details, like your full name, birthday, and home address.
Again, the website is a clever fake.
“Just as with the previous login page, this page also looks quite legitimate, as you can see,” said MailGuard.
Users are then taken to yet another fake page where they’re asked to fill in “financial institution details” – that is, credit or debit card details.
Finally, users are taken to a false ‘processing’ page and are asked not to close the window.
“While MailGuard is stopping this email scam from reaching the inboxes of its customers and partners, other Australians remain vulnerable,” said the email security platform.
“We encourage all email users to be extra vigilant against this kind of email and whatever happens, do not open or click the links.”
What to do if you’ve received this email
The Australian government wants you to let them know if you’ve seen any suspicious activity on your account.
“If you think someone has accessed your myGov account, contact us,” the myGov website states.
So if you’ve received this scam, you can report it to Scamwatch and contact myGov at 13 23 07.
“The messages you get in your myGov Inbox are secure. It’s safe to open links included in myGov Inbox messages.”
You can also take steps now to prevent being scammed: change your password; use a different password; don’t share your password with anyone else; and sign out of myGov when you’re done with the platform.