Cybercrims have launched a sophisticated phishing scam with a fake Medicare email and cloned MyGov site designed to trick Australians into providing their log-in and banking details.
According to a high priority alert from the Federal Government’s Stay Smart Online service, scammers have dispatched a phishing email that appears to be from Medicare that claims Australians need to update their Electronic Funds Transfer details to receive payments for benefits and claims.
By clicking on a fake myGov link in the email, people are taken to a realistic replica of the real website with the url mygovau.net instead of my.gov.au.
Both the fake site and the legitimate site describe myGov as “a simple and secure way to access government online services” including Medicare, My Aged Care and My Health Record.
For those who input their login details into the cloned myGov, they are then directed to enter their secret security question and answer before they are taken to a fake Medicare website and are instructed to input bank account details.
According the government’s warning, Australians need to beware.
“These emails and web pages feature myGov and Medicare design and branding, making them appear legitimate.
“Remember, clicking on the link and sharing your details gives these scammers access to your personal information, which they then use to steal your money and identity!”
Queensland University of Technology criminologist Dr Cassandra Cross told the ABC that phishing attacks are becoming more sophisticated and while most people know to be on guard for nefarious emails claiming to be from banks, communications that appear to come from government can seem authentic.
"We've done a lot of awareness around not putting information into banking websites that you'd click on from a link, but people wouldn't necessarily associate that same message with myGov,” Cross said.
Stay Smart Online advises people to never click on links in emails or text messages claiming to be from myGov or Medicare. Those accessing their official myGov account are instructed to type the url into their browser.
It is not the first time the myGov site has been cloned, with an earlier forged version detected in 2017.
To share tips, news or announcements, contact the HITNA editor on firstname.lastname@example.org