Australians, be on the lookout for a scam email that appears be sent from myGov advising you that you are eligible to receive a refund that has been targeting Australia over the last week.
MailGuard Email security service were the first to issue an alert on the phishing email, warning that the scam is particularly dangerous as myGov is an access portal to other benefits like Medicare, JobSeeker and JobKeeper. Here’s what MailGuard had to say about the scam
“Anyone falling victim to this scam will be vulnerable to having all of these government accounts compromised and their identity stolen which can lead to serious repercussions”
“Since this scam also targets users’ financial information, their credit card credentials can be used to make fraudulent purchases, potentially leading to significant financial losses. Credentials are also likely to be harvested for use in future cyber-attacks, for identity fraud and sold on the dark web.”
Additionally, scammers are preying on the fact that Aussies are in desperate need of financial assistance at the moment, and are accessing government assistance through myGov.
“This is a particularly sinister scam as cybercriminals are attempting to exploit vulnerable Australians, many of whom are suffering economic hardship as a result of the economic uncertainty caused by Covid-19.”
“By falsely claiming that users are eligible for a refund, the cybercriminals behind the attack are cruelly capitalising on those unfortunate circumstances.”
What Does The myGov Scam Look Like
The scam email claims that the recipient is eligible to receive $130.81 and asks victims to fill out a “Secure Form” to get this refund.
“When users click the ‘Secure Form’ button they are presented with a fake myGov login page. This is a very faithful replication of the actual myGov login page, complete with high-quality branding elements (including the myGov and Australian Government logos) and support links,” MailGuard reported.
“However, the domain used in the page URL doesn’t belong to myGov or the Australian government. Instead, the page URL begins with ‘airenherbals[dot]com’ – a red flag pointing to its illegitimacy.”
The web page you are taken to is a phishing page that is hosted on a compromised website in India and any of your personal details that you enter like your myGov username or email address and password, is stored and harvested.
Victims are then taken to a different webpage that asks for more expensive personal details, like your full name, birthday, and home address.
For any further information on ATO Scams or to report a scam to the ATO, please go to their website: