The Federal Government's Stay Smart Online has warned people against the fake email that would appear to the user as if it has come from Medicare.
There is a clone website of the myGov webpage set up by scammers.
The phishing email link will take you to the cloned government website. A user can identify the fake website by checking the website address. Australian government website address ends with a “.gov.au” as opposed to the fake website address ending with a “.net”. It also asks a user to update their Electronic Funds Transfer (EFT) details so the user can start receiving payments for Medicare benefits and claims.
If you log in on this site, it will direct you to answer your secret security question. Once the step is completed, the site takes you to the clone website of Medicare. Then you are prompted to input your bank account details.
Source: Screenshot from staysmartonline.gov.au
The scammers have used the same design and branding for their fake emails and replica web pages as that of myGov and Medicare.
Stay Smart online website has also put out an alert warning people not to click on any of these links. If a person clicks on a link in the email, it gives the scammers access to their personal information. This information can be used to steal a person's identity or money.
Source: Screenshot from Staysmartonline.gov.au
It is not the first time scammers have targeted myGov.
Scammer made a similar attempt last year. They had set up a close lookalike copy of the myGov website to dupe victims into sharing their password and credit card details.
First, the link directs the user to the fake website, then it asks for credit card details to verify. If a user enters their credit card details and clicks ‘next’, they are directed to the real myGov website. That was an attempt to hide the deception from victims.
Web security expert Niranjan Limbachiya, founder and CEO of digital assurance company KiwiQA, says scammers target the government website because it has public data. By targeting the government's website, the scammers can get people's data quickly and use it again for another scam.
Mr Limbachiya emphasised that people shouldn’t be worried or doubt the Australian Government’s security measures. Although the Government can’t control the scammers, he explained, they monitor for new threats, scan their sites regularly, and introduce new security measures to protect data from cybercriminals. “Our Government is vigilant enough, they put (out) a security alert immediately to inform people about the scam and instruct them on what they should be doing,” he said.
Tips to Stay Safe
Mr Niranjan Limbachiya recommended some steps for avoiding being tricked by a fraud email. "Always, check the sender of any mail and you must not click any link if it is from an unknown sender or you are not confident about," he said.
- Keep your anti-virus/malware protection tools up-to-date.
- Enable Filters in your mailbox. Every service provider provides this facility so that the phishing emails do not fall into your inbox.
- Do not automatically download pictures or enable links, especially when they are in folders other than the mailbox.
- myGov never sends you a text, email or attachment with hyperlinks or web addresses, so if any mail appears very close to the authentic email, please call up the concerned organisation to verify.
- The most important thing to remember in Australia is that almost none of the services require you to provide personal details and financial information in an email (either as a reply or through a link). Reject those requests and contact your service provider directly.
- Do not fall for any advertisements or notifications that urge you to respond immediately.
- Keep multi-factor authentication enabled for all your sensitive accounts.
- Have different passwords for different accounts.
