Australian government services portal, myGov, is once more the focus of an email scam landing in inboxes this morning. The email promises recipients a refund of $198.92 AUD, after they have unwittingly handed over their myGov access credentials and credit card details for processing of the refund.
The initial phishing email, pictured below, carries the subject line ‘Government sent a quote for your job’ and purports to be an alert from myGov. However, the emails are actually coming from a domain associated with a company called Launch27, and the phishing page is hosted on a compromised website belonging to a Colombian printer and scanner parts company.
Clicking the ‘Open myGov’ link takes victims through to a replica myGov ‘sign-in’ page designed to steal their username or email, and password details.
Note that on the next screen, the refund amount has increased to 706.74 AUD, as victims are prompted to share credit card details for processing of their refund.
While the page now displays as processing, it is likely that a fraudulent transaction is being completed with the stolen credentials which the victim has unwittingly shared.
In the final stage of the scam, victims are prompted for an OTP (One Time Passcode) to verify their payment method. In actual fact, they are confirming the fraudulent transaction that the crooks are processing in the background, not the refund which is purportedly being credited to their account.
Refund scams are a cruel type of attack that targets vulnerable individuals who could use the money promised. Instead, they risk financial and identity fraud. It’s not the first time MailGuard has intercepted and blocked a scam like this impersonating myGov, so if the email you’ve received doesn’t quite match what’s shown above, check out our articles from January, November, October and June 2022.
myGov provides access to a range of government services online for millions of Australians, allowing them to link Medicare, Centrelink, Child Support and a range of other government services, so it’s not surprising that it is a regular target for scams.
myGov offers the following advice to all users:
“myGov is delivered by Services Australia. We will never send you an email or SMS with a hyperlink directing you to sign in to your myGov account. Always access myGov by typing in the web address yourself.
Services Australia and myGov will never send you an email or text message asking for your:
- myGov PIN
- secret questions and answers
- personal details.
When you are signed in to myGov, the messages in your myGov Inbox are secure. It’s safe to open links included in myGov Inbox messages.”
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.
Reach out to our team for a confidential discussion by emailing email@example.com or calling 1300 30 44 30.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.