Aussies have been warned of a new phishing scam - claiming to be from myGov - that tries to steal your personal details.
Mailguard has urged all Aussies who use myGov, including those on Centrelink, to look out for a scam email with the subject line “Refund in process (1)”. The email claims you are eligible for a refund following an “annual calculation”. You are then asked to click a button to claim the refund.
There are a few immediate red flags in the email, Mailguard said.
“Although the email has a somewhat professional finish, there is no myGov branding used, and it’s littered with spelling mistakes (e.g. ‘proccess’, ‘eliqible’, and ‘from’ instead of ‘form’) and grammatical errors,” Mailguard said.
When the recipient clicks the button, they are taken to a phishing page that asks them to sign into their myGov account. The scammers then try to steal your myGov email address and password.
“Fortunately, myGov accounts have multi-factor authentication enabled, which should hopefully prevent unauthorised access, but the scam doesn’t stop there,” Mailguard said.
On the next page, you are asked to enter your bank card details, including your name, card number, expiration date and CCV/CVV.
Victims are then directed to a one-time password confirmation page - which Mailguard says “looks genuine” - with myGov and Australian Government logos.
Delete it immediately
Mailguard said recipients should delete the email immediately without clicking on any links.
“If you believe you may have already fallen for this scam, we recommend you change your myGov password as soon as possible and contact your bank to put a hold on your credit card,” it said.
Services Australia said myGov would never ask you to open a link in an email or SMS, and would never ask you to sign in through an email. You will only get links through a myGov inbox message.