Dark web targets myGov accounts

Australians are being urged to update their online security after it was reported that logins for more than 3600 myGov accounts were found for sale on the dark web.

The Australian Financial Review (AFR) says the compromised myGov accounts, linked to Services Australia sites, the Australian Tax Office (ATO), Centrelink, My Health and Medicare, are bought by anonymous criminals to “use the victim’s data for identity theft, and conduct various fraudulent activities”.

With tax return season having just opened, the ATO advises taxpayers that fraudulent activity ramps up. It also says there has been a “significant increase in Australians being targeted with COVID-19 scams, fraud attempts and deceptive email and SMS schemes”.

Australians who are unsure if they have received an official notification from the ATO agency are urged to NOT REPLY and go to the Report A Scam website. Those who are concerned they have already provided sensitive information to a scammer should phone 1800 008 540. Those with concerns about potential scams on the other Services Australia sites should call 1800 941 126 or go to the scams and identity theft page of servicesaustralia.gov.au

When you call, have personal information at the ready, such as identity documents, your Centrelink Customer Reference Number (CRN), name and date of birth, Medicare number, myGov sign-in details and bank account details.

Services Australia general manager Hank Jongen said each agency had its own “fraud detection capabilities” and his organisation was aware of ongoing dark web activity.

The dark web is defined as “the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable”.

The AFR says the coronavirus pandemic has been a ‘boon’ for hackers after millions of employees began working from home and became reliant on teleconferencing. It says intelligence firm Cybel reports more than 500,000 Zoom accounts are available for sale online.

Privacy Affairs Dark Web Price Index reveals the average prices for a range of products for sale on the dark web, including forged passports ($US1500), driver licences ($US550), credit cards ($US35) and email accounts ($US155).”

The first early release of superannuation scheme was beset by privacy concerns after 150 Australians had their retirement savings targeted by fraudsters.

The federal government’s Scamwatch site has received more than 3060 scam reports mentioning the coronavirus, with more than $1,371,000 in reported losses since the outbreak of COVID-19.

“Common scams include phishing for personal information, online shopping and superannuation scams,” it says.

“Do not provide your personal, banking or superannuation details to strangers who have approached you.

“Scammers may pretend to have a connection with you. So, it’s important to stop and check, even when you are approached by what you think is a trusted organisation.”

Main types of scam (from scamwatch.gov.au)
Phishing – government impersonation scams

Scammers are pretending to be government agencies providing information on COVID-19 through text messages and emails ‘phishing’ for your information. These contain malicious links and attachments designed to steal your personal and financial information.

Tips to protect yourself from these types of scams:

  • Don’t click on hyperlinks in text/social media messages or emails, even if it appears to come from a trusted source.
  • Go directly to the website through your browser. For example, to reach the myGov website type ‘my.gov.au’ into your browser yourself.
  • Never respond to unsolicited messages and calls that ask for personal or financial details, even if they claim to be a from a reputable organisation or government authority just press delete or hang up.


Phishing – other impersonation scams
Scammers are pretending to be from real and well-known businesses such as banks, travel agents, insurance providers and telco companies, and using various excuses around COVID-19 to:

  • ask for your personal and financial information
  • lure you into opening malicious links or attachments
  • gain remote access to your computer
  • seek payment for a fake service or something you did not purchase.


Tips to protect yourself from these types of scams:

  • Don’t click on hyperlinks in text/social media messages or emails, even if they appear to come from a trusted source.
  • Never respond to unsolicited messages and calls that ask for personal or financial details just press delete or hang up.
  • Never provide a stranger with remote access to your computer, even if they claim to be from a telco company such as Telstra or the NBN Co.
  • To verify the legitimacy of a contact, find them through an independent source such as a phone book, past bill, or online search.


Superannuation scams
Scammers are taking advantage of people in financial hardship due to COVID-19 by attempting to steal their superannuation or by offering unnecessary services and charging a fee.

Most of these scams start with an unexpected call claiming to be from a superannuation or financial service.

The scammers use a variety of excuses to request information about your superannuation accounts, including:

  • offering to help you access the money in your superannuation
  • ensuring you’re not locked out of your account under new rules
  • checking whether your superannuation account is eligible for various benefits or deals.


Tips to protect yourself from these types of scams:

  • Never give any information about your superannuation to someone who has contacted you this includes offers to help you access your superannuation early under the government’s new arrangements.
  • Hang up and verify their identity by calling the relevant organisation directly find them through an independent source such as a phone book, past bill, or online search.


Online shopping scams
Scammers have created fake online stores claiming to sell products that don’t exist such as cures or vaccinations for COVID-19, and products such as face masks.

Tips to protect yourself from these types of scams:

  • The best way to detect a fake trader or social media shopping scam is to search for reviews before purchasing. No vaccine or cure presently exists for the coronavirus.
  • Be wary of sellers requesting unusual payment methods such as upfront payment via money order, wire transfer, international funds transfer, preloaded card, or electronic currency, such as Bitcoin.


MyGov privacy advice:
To protect your account:

  • don’t share your myGov sign-in details with anybody else
  • use a strong password that is easy for you to remember but hard for others to guess
  • use a different password to your other online accounts
  • change your password and myGov PIN regularly
  • don’t let other people see your computer screen when you use the ‘show password’ option
  • don’t send your password and myGov PIN to anyone by email or text message
  • don’t tell anyone your email account password
  • always sign out of your myGov account when you have finished using it
  • check for the Extended Validation Certificate indicator in your browser’s address bar when accessing myGov. Each browser shows the Extended Validation Certificate in a different way. Usually this is a green box or bar with a padlock icon.


Do you know how to keep yourself safe online this tax season?

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

Related articles:

- Our Partners -


- Advertisment -
- Advertisment -