Phishing scam targets myGov accounts

By on
Phishing scam targets myGov accounts

Australian's have been targeted by an online scam with a convincing email posing as social services website myGov.

Users were sent a phishing email with a fake landing page to the myGov website, where they were asked to verify their account by supplying credit card information and scanning their ID.

Once account details are harvested and credit card details are provided, users are redirected to the actual myGov website in an attempt to hide the deception of the scam.

Enterprise email security vendor MailGuard, who discovered the scam, discovered that the source code for the fake website was cloned directly from the real government website, making it appear to be genuine.

MailGuard said that the scam was distributed on a surprisingly small scale, given the complexity of the scam. The website has 11 million accounts and is used by Australians to access a range of social services such as Medicare, Centrelink and the Australian Taxation Office.

The emails originated from a servers hosted in the Czech Republic from a fake domain, mygov.net, which has no association with the real myGov.

MailGuard told users to check who their emails were from before clicking any suspicious links by examining the reply-to address and checking that it hasn't been sent from a recently-registered domain. MailGuard also said that users can hover their mouse over a link to check its real destination before clicking.

The discovery follows just a day after MailGuard revealed that fake invoices posing as MYOB were sent out in the thousands, targeting users with malware.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

The channel is a juicy hacking target - are you improving security?
YES - recent attacks on MSPs spurred us to action
YES - we're ALWAYS improving our security stance
YES - we've noticed new forms of attack
NO - we're confident our past efforts are enough, but are always vigilant
NO - we don't see the need for change at this time
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?