Aussies are being warned about an email claiming they are owed a $750 refund from myGov.
MailGuard intercepted the scam email, which is targeting 20 million myGov users around the country.
“Australians are once again being targeted in a new myGov refund scam,” MailGuard said.
“myGov is frequently a target for impersonation by scammers.”
The subject line of the email states the recipient has an “outstanding refund”. The email purports to be from myGov but is actually from Edpnet, which is a Belgian telco and email provider.
MailGuard said a dead giveaway that the email was not legitimate was that it didn’t include any specific details about the recipient, but instead used a generic “Dear Customer” opener.
“It’s otherwise very well-crafted and could easily fool unsuspecting individuals who believe that it’s a legitimate myGov alert,” MailGuard said.
The email tells the recipient they are owed a $750 refund and instructs them to accept the payment by clicking on a link to fill out a form.
But clicking the link will actually take the recipient to a phishing website, which replicates the legitimate myGov website.
“The scammers have taken extra care when recreating this page, and even included a banner which directs users to give feedback on their myGov experience, and an ‘Ask a question’ box to make the site feel more authentic,” MailGuard said.
“However, you can tell from the URL that this is not a genuine myGov page.”
The user is asked to enter their username or email, and their password for their myGov account.
“At this point, the victim’s login details will have been harvested for later use by the attacker, but the scam doesn’t end there,” MailGuard said.
“Next, the victim is instructed that they need to enter information in order to accept fast payment online.”
The scammers ask for personal information, including:
Name on the card
Expiration date (MM/YYYY)
Date of birth (DD/MM/YYYY)
“Unfortunately, scammers continue to use the promise of refunds to try and lure more victims in,” MailGuard said.
“This method cruelly targets individuals who may already be struggling financially, and [are] willing to overlook red flags in the email and phishing pages in the hopes of receiving a payment.
“Australians need to remain hyper vigilant when checking their inboxes, especially when it comes to correspondence from myGov.”