Australian's have been targeted by an online scam with a convincing email posing as social services website myGov.
Users were sent a phishing email with a fake landing page to the myGov website, where they were asked to verify their account by supplying credit card information and scanning their ID.
Once account details are harvested and credit card details are provided, users are redirected to the actual myGov website in an attempt to hide the deception of the scam.
Enterprise email security vendor MailGuard, who discovered the scam, discovered that the source code for the fake website was cloned directly from the real government website, making it appear to be genuine.
MailGuard said that the scam was distributed on a surprisingly small scale, given the complexity of the scam. The website has 11 million accounts and is used by Australians to access a range of social services such as Medicare, Centrelink and the Australian Taxation Office.
The emails originated from a servers hosted in the Czech Republic from a fake domain, mygov.net, which has no association with the real myGov.
MailGuard told users to check who their emails were from before clicking any suspicious links by examining the reply-to address and checking that it hasn't been sent from a recently-registered domain. MailGuard also said that users can hover their mouse over a link to check its real destination before clicking.
The discovery follows just a day after MailGuard revealed that fake invoices posing as MYOB were sent out in the thousands, targeting users with malware.