Story image

Fake myGov email & SMS scam asks for pics of passports, driver licences

18 Apr 17

Security watchdog Stay Safe Online has issued a critical alert to Australians, warning them of a fake email and SMS scam purporting to be from myGov.

The messages gather confidential details and use them for malicious purposes. This seems to be the second round of messages disguised as myGov emails, as a similar campaign was conducted earlier this year.

The email messages, which use myGov branding and design, use the subject line ‘Australian Government and myGov must verify your identity’. 

The emails are designed to trick users into providing their myGov credentials such as username and password, as well as credit card details including the number, expiration and security code. 

The scam is also circulating by SMS and is apparently separate from the email campaign. It tricks users by stating that ‘incorrect details’ are ‘suspected’ in their accounts and unless they upload the right documents, their account will be suspended.

Users must then click on a link that asks them to uploads photos of passports, driver’s licences and other information.

Stay Safe Online states that users should not click any links in the messages or submit any personal information. Those who have submitted information should contact their providers (banks, the Australian Passport Office and the state responsible for issuing drivers’ licences).

In addition, anyone who has received an email claiming to be from myGov or the Department of Human Services and logged in using the link should contact the myGov helpdesk immediately on 13 23 07.

The Department of Human Services does not include any links in email or SMS messages it sends to recipients.  Users are urged to only use my.gov.au in their browser and ensure that https:// is at the front of the web address. 

Stay Smart Online recommends that users do not open emails from unknown senders and be wary of unexpected emails. Contact  providers through their genuine number if unsure.

Users can also submit cybercrime to the Australian Cybercrime Online Reporting Network (ACORN). 

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.