Phishing scam targets myGov accounts

By on
Phishing scam targets myGov accounts

Australian's have been targeted by an online scam with a convincing email posing as social services website myGov.

Users were sent a phishing email with a fake landing page to the myGov website, where they were asked to verify their account by supplying credit card information and scanning their ID.

Once account details are harvested and credit card details are provided, users are redirected to the actual myGov website in an attempt to hide the deception of the scam.

Enterprise email security vendor MailGuard, who discovered the scam, discovered that the source code for the fake website was cloned directly from the real government website, making it appear to be genuine.

MailGuard said that the scam was distributed on a surprisingly small scale, given the complexity of the scam. The website has 11 million accounts and is used by Australians to access a range of social services such as Medicare, Centrelink and the Australian Taxation Office.

The emails originated from a servers hosted in the Czech Republic from a fake domain, mygov.net, which has no association with the real myGov.

MailGuard told users to check who their emails were from before clicking any suspicious links by examining the reply-to address and checking that it hasn't been sent from a recently-registered domain. MailGuard also said that users can hover their mouse over a link to check its real destination before clicking.

The discovery follows just a day after MailGuard revealed that fake invoices posing as MYOB were sent out in the thousands, targeting users with malware.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Have you adopted agile methodologies?
Yes - And it made a big different improve productivity
Yes - But it's not made a big difference to productivity
No - But we're thinking of giving it a try
No – We’re happy with our current methods
No - Because it is a stupid idea and a fad
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?