Have you received an email with the subject line “Your Medicare Claims from MyGov”? Look out, it could be a new scam that fools Medicare users into believing they’re due a reimbursement.
The sender name shows “myGov”, although the email actually comes from a compromised account at Stuttgart University in Germany. The email is a relatively plausible replica that's likely to catch some people unaware. It uses Australian Government branding in the header, addresses the recipient as “myGov User”, and then explains that “Your Medicare claims and payment are now available for filing and disbursemnt” before directing them to click on hyperlinked text that appears as though it will direct them to an Australian Tax Office claims page. In reality, it hides the true link, which will take the recipient to a phishing page.
After clicking the link, the user is taken to the phishing site which replicates myGov’s login page, with the only discernible differences being the URL and green text added to appear as an alert that states, “Your Refund is ready”.
Here, they’re asked to their username/email and password.
If the victim proceeds, their username and password will be harvested by the attacker and stored for later use or sold to other hackers.
Next, they are told that a refund of $688.64 AUD is available, and to receive it, they must enter their credit card details, including:
- Name on card
- Card number
- Expiry date
- CVV
Then, the victim will also be asked for:
- First name
- Last name
- Address line 1
- Address line 2
- City
- State
- Postal code
- Phone number
- Date of birth
This information, along with the rest that has already been entered, is very valuable for a cybercriminal and will likely be used for financial fraud.
Finally, the victim is asked to enter a payment verification code, which likely signals the cybercriminal is trying to charge their card to verify it’s valid.
After entering the code, it redirects to the legitimate myGov website to help avoid suspicion.
myGov scams have been an increasingly popular choice of impersonation from attackers, so if the email you’ve received doesn’t quite match what’s shown above, check out our most recent article from January 2023, or other articles from November, October and June 2022.
myGov offers the following advice to all users:
“myGov is delivered by Services Australia. We will never send you an email or SMS with a hyperlink directing you to sign in to your myGov account. Always access myGov by typing in the web address yourself.
Services Australia and myGov will never send you an email or text message asking for your:
- username
- password
- myGov PIN
- secret questions and answers
- personal details.
When you are signed in to myGov, the messages in your myGov Inbox are secure. It’s safe to open links included in myGov Inbox messages.”
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
