A damaging new myGov phishing scam is currently circulating, and it’s catching out many unsuspecting Aussies.
The new scam impersonates myGov and falsely claims that the recipient has an outstanding account refund of $736.98 AUD, with the aim of stealing bank account and credit card details.
The generous offer of a significant refund comes at a particularly concerning time for Australians: given the current cost of living and rising interest rates, many potential victims could jump at the chance to receive the hefty payout without taking proper precautions to verify its legitimacy.
“This scam preys on the heightened emotions that tax time brings, and given the attention to detail at every stage, it has potential to be very damaging,” says MailGuard.
According to MailGuard, the sender name displays as “My Gov – Refund Service” and the display address reads ‘isaddresssupport(at)informationconsultancyservices(dot)co(dot)uk’.
The scam message reads, “Our transaction management system detects that you are entitled to receive this payment” and asks customers to “click on the following link and save the refund information” to access the form and claim the refund.
MailGuard warns customers that “after clicking the link, the user is taken to the first phishing site which is almost an exact replica of the myGov login page” and is then “directed to enter the email and password they use for their myGov account to ‘sign in’”.
Customers are then asked to update their personal myGov information to receive the refund, including their credit/debit card name, card number, expiration date, CVV, date of birth and phone number, before pressing the ‘Valider’ (validate in French) button and proceeding to the next page.
The customer is then sent an SMS verification code which they are asked to enter into the page before pressing “confirm”.
A cruel new scam is targeting Australians this #EOFY, claiming that the recipient is owed a refund of $736.98 AUD from @myGovau. It’s incredibly well-crafted and has the potential to steal #myGov account credentials and credit card details.
Read our blog: https://t.co/7pNOsGP5Cr
— MailGuard (@MailGuard) June 16, 2022
MyGov recommends a number of steps to ensure the safety and security of its customers’ private details, advising them to be vigilant in regularly updating their account passwords and PINs and to refrain from sharing their myGov sign-in details with anybody else, along with a number of other recommendations.
MailGuard also urges customers to watch out for a few common signs of illegitimate messages, such as a message that does not address the customer by name, is from a business you weren’t expecting to hear from, “appears to be from a legitimate company but uses poor English or omits personal details that a legitimate sender would include” or “takes you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from”.
Companies such as MailGuard and Scamwatch offer verification services for customers seeking to identify whether or not a message, email, or offer they have received is legitimate.
Australian Competition and Consumer Commission Deputy Chair Delia Rickard recently warned Australians that “you never know who you are dealing with online”.
“Scammers often pretend to be from a well-known organisation, such as a bank or the government, and they will pretend to offer you something such as money or a benefit, or claim that you are in trouble,” Rickard said.
“Do not click on any links in messages that come to you out of the blue, and never provide any of your personal or banking details to someone you don’t personally know and trust.”