MailGuard 04 October 2022 16:56:36 AEDT 11 MIN READ

Scammers promise refund of $750 in new myGov phishing email

Australians are once again being targeted in a new myGov refund scam. With 20 million Australians actively using their accounts, myGov is frequently a target for impersonation by scammers. If you’re suspicious of an email you’ve received, but it doesn’t quite match this one, you may like to check out a similar scam MailGuard reported on in June 2022, which has continued to do the rounds in the months following.  

The subject line states, “You have an outstanding refund.” and purports to come from “myGov Support”, but is actually being sent from “refund.servicecustomerid(at)edpnet(dot)be”. Both the IP address and domain of the sender’s email are associated with Edpnet, which is a Belgian telco and internet service provider.  

While the email doesn’t include any specific details about the refund or the recipient, instead incorporating a generic “Dear Customer” salutation, it’s otherwise very well-crafted and could easily fool unsuspecting individuals who believe that it’s a legitimate myGov alert.  

The email warns the recipient that they have an outstanding refund of $750.00 owed from myGov, and they are instructed to accept it via fast payment by clicking hyperlinked text which reads “Access your form”.  

Here's what the email looks like:  

[Image: the phishing email]

Clicking the link directs the recipient to a phishing site which replicates the legitimate sign-in page used by myGov. The scammers have taken extra care when recreating this page, and even included a banner which directs users to give feedback on their myGov experience, and an “Ask a question” box to make the site feel more authentic. However, you can tell from the URL that this is not a genuine myGov page.

The user is asked to enter their username or email, and their password for their myGov account.


At this point, the victim’s login details will have been harvested for later use by the attacker, but the scam doesn’t end there. Next, the victim is instructed that they need to enter information in order to accept fast payment online. This information includes:  

  • Name on the card 
  • Card number 
  • Expiration date (/MM/YYYY) 
  • CVV 
  • Date of Birth (DD/MM/YYYY), and 
  • Phone number 

Where you would typically expect a ‘Continue’ button at the bottom of the page, there is instead a button labelled ‘Valider’, which is French for ‘Validate’.

The site then shows a loading screen which instructs you to “wait a moment please”.

Finally, the victim is taken to a page which instructs them to “Confirm your refund” by entering a verification code which is sent to their mobile number. This is likely to verify a transaction on the scammer’s end.


Unfortunately, scammers continue to use the promise of refunds to try and lure more victims in. This method cruelly targets individuals who may already be struggling financially, and who may be willing to overlook red flags in the email and phishing pages in the hopes of receiving a payment.

Australians need to remain hypervigilant when checking their inboxes, especially when it comes to correspondence from myGov. Although the use of multi-factor authentication on the genuine myGov login portal may prevent scammers from accessing your account, it’s not a risk worth taking.

Services Australia offers the following myGov advice:  

  • myGov will never ask you to open a link in an email or SMS. It will never ask you to sign in through a link in an email. 
  • You’ll only get links from myGov in a myGov inbox message. You can only see these messages after you’ve securely signed in to your myGov account.  
  • myGov will also never email you asking for your personal or credit card details. 

If you believe you may have already fallen for this scam, we recommend you change your myGov password as soon as possible and contact your bank to put a hold on your credit card. You can also learn where to report the scam here.

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      
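
The checks in the list above can be automated as a mail-triage heuristic and run against the email this post describes. The Python below is an added example, not MailGuard's code: the `my.gov.au` allow-list, the function names and the placeholder link are assumptions, and the sample message is constructed from the details reported above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand keyword -> domains that brand legitimately sends from and links to.
BRAND_DOMAINS = {"mygov": ("my.gov.au",)}
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.I)

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Leaf parts only; base64/quoted-printable bodies are not decoded here.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue
        if not under(sender_host, domains):
            flags.append(f"display name claims {brand} but sender is {sender_host}")
        for url in HREF.findall(body):
            host = urlparse(url).hostname
            if not under(host, domains):
                flags.append(f"link leaves {brand} domains: {host}")
    if GENERIC_GREETING.search(body):
        flags.append("generic salutation")
    return flags

# Constructed sample modelled on the email described above; the link is a placeholder.
SAMPLE = """\
From: "myGov Support" <refund.servicecustomerid@edpnet.be>
Subject: You have an outstanding refund.
Content-Type: text/html

<p>Dear Customer,</p>
<p>You have an outstanding refund of $750.00.
<a href="https://refund-portal.example/login">Access your form</a></p>
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The suffix check in `under` compares on a dot boundary, so a lookalike host that merely starts with the genuine domain is still flagged.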

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
