Security watchdog Stay Safe Online has issued a critical alert to Australians, warning them of a fake email and SMS scam purporting to be from myGov.
The messages gather confidential details and use them for malicious purposes. This seems to be the second round of messages disguised as myGov emails, as a similar campaign was conducted earlier this year.
The email messages, which use myGov branding and design, use the subject line ‘Australian Government and myGov must verify your identity'.
The emails are designed to trick users into providing their myGov credentials such as username and password, as well as credit card details including the number, expiration and security code.
The scam is also circulating by SMS and is apparently separate from the email campaign. It tricks users by stating that ‘incorrect details' are ‘suspected' in their accounts and unless they upload the right documents, their account will be suspended.
Users must then click on a link that asks them to uploads photos of passports, driver's licences and other information.
Stay Safe Online states that users should not click any links in the messages or submit any personal information. Those who have submitted information should contact their providers (banks, the Australian Passport Office and the state responsible for issuing drivers' licences).
In addition, anyone who has received an email claiming to be from myGov or the Department of Human Services and logged in using the link should contact the myGov helpdesk immediately on 13 23 07.
The Department of Human Services does not include any links in email or SMS messages it sends to recipients. Users are urged to only use my.gov.au in their browser and ensure that https:// is at the front of the web address.
Stay Smart Online recommends that users do not open emails from unknown senders and be wary of unexpected emails. Contact providers through their genuine number if unsure.
Users can also submit cybercrime to the Australian Cybercrime Online Reporting Network (ACORN).