MyGov accounts, superannuation targeted by dark web fraudsters

Update your online security to thwart criminals targeting myGov accounts.

Accessing Centrelink via the myGov Australia website

Australians are being urged to update their online security after it was reported that logins for more than 3600 myGov accounts were found for sale on the dark web.

The Australian Financial Review (AFR) says the compromised myGov accounts, linked to Services Australia sites, the Australian Tax Office (ATO), Centrelink, My Health and Medicare, are bought by anonymous criminals to “use the victim’s data for identity theft, and conduct various fraudulent activities”.

With tax return season having just opened, the ATO advises taxpayers that fraudulent activity ramps up. It also says there has been a “significant increase in Australians being targeted with COVID-19 scams, fraud attempts and deceptive email and SMS schemes”.

Australians who are unsure if they have received an official notification from the ATO agency are urged to NOT REPLY and go to the Report A Scam website. Those who are concerned they have already provided sensitive information to a scammer should phone 1800 008 540. Those with concerns about potential scams on the other Services Australia sites should call 1800 941 126 or go to the scams and identity theft page of servicesaustralia.gov.au

When you call, have personal information at the ready, such as identity documents, your Centrelink Customer Reference Number (CRN), name and date of birth, Medicare number, myGov sign-in details and bank account details.

Services Australia general manager Hank Jongen said each agency had its own “fraud detection capabilities” and his organisation was aware of ongoing dark web activity.

The dark web is defined as “the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable”.

The AFR says the coronavirus pandemic has been a ‘boon’ for hackers after millions of employees began working from home and became reliant on teleconferencing. It says intelligence firm Cybel reports more than 500,000 Zoom accounts are available for sale online.

Privacy Affairs Dark Web Price Index reveals the average prices for a range of products for sale on the dark web, including forged passports ($US1500), driver licences ($US550), credit cards ($US35) and email accounts ($US155).”

The first early release of superannuation scheme was beset by privacy concerns after 150 Australians had their retirement savings targeted by fraudsters.

The federal government’s Scamwatch site has received more than 3060 scam reports mentioning the coronavirus, with more than $1,371,000 in reported losses since the outbreak of COVID-19.

“Common scams include phishing for personal information, online shopping and superannuation scams,” it says.

“Do not provide your personal, banking or superannuation details to strangers who have approached you.

“Scammers may pretend to have a connection with you. So, it’s important to stop and check, even when you are approached by what you think is a trusted organisation.”

Main types of scam (from scamwatch.gov.au)
Phishing – government impersonation scams

Scammers are pretending to be government agencies providing information on COVID-19 through text messages and emails ‘phishing’ for your information. These contain malicious links and attachments designed to steal your personal and financial information.

Tips to protect yourself from these types of scams:

  • Don’t click on hyperlinks in text/social media messages or emails, even if it appears to come from a trusted source.
  • Go directly to the website through your browser. For example, to reach the myGov website type ‘my.gov.au’ into your browser yourself.
  • Never respond to unsolicited messages and calls that ask for personal or financial details, even if they claim to be a from a reputable organisation or government authority just press delete or hang up.

Phishing – other impersonation scams
Scammers are pretending to be from real and well-known businesses such as banks, travel agents, insurance providers and telco companies, and using various excuses around COVID-19 to:

  • ask for your personal and financial information
  • lure you into opening malicious links or attachments
  • gain remote access to your computer
  • seek payment for a fake service or something you did not purchase.

Tips to protect yourself from these types of scams:

  • Don’t click on hyperlinks in text/social media messages or emails, even if they appear to come from a trusted source.
  • Never respond to unsolicited messages and calls that ask for personal or financial details just press delete or hang up.
  • Never provide a stranger with remote access to your computer, even if they claim to be from a telco company such as Telstra or the NBN Co.
  • To verify the legitimacy of a contact, find them through an independent source such as a phone book, past bill, or online search.

Superannuation scams
Scammers are taking advantage of people in financial hardship due to COVID-19 by attempting to steal their superannuation or by offering unnecessary services and charging a fee.

Most of these scams start with an unexpected call claiming to be from a superannuation or financial service.

The scammers use a variety of excuses to request information about your superannuation accounts, including:

  • offering to help you access the money in your superannuation
  • ensuring you’re not locked out of your account under new rules
  • checking whether your superannuation account is eligible for various benefits or deals.

Tips to protect yourself from these types of scams:

  • Never give any information about your superannuation to someone who has contacted you this includes offers to help you access your superannuation early under the government’s new arrangements.
  • Hang up and verify their identity by calling the relevant organisation directly find them through an independent source such as a phone book, past bill, or online search.

Online shopping scams
Scammers have created fake online stores claiming to sell products that don’t exist such as cures or vaccinations for COVID-19, and products such as face masks.

Tips to protect yourself from these types of scams:

  • The best way to detect a fake trader or social media shopping scam is to search for reviews before purchasing. No vaccine or cure presently exists for the coronavirus.
  • Be wary of sellers requesting unusual payment methods such as upfront payment via money order, wire transfer, international funds transfer, preloaded card, or electronic currency, such as Bitcoin.

MyGov privacy advice:
To protect your account:

  • don't share your myGov sign-in details with anybody else
  • use a strong password that is easy for you to remember but hard for others to guess
  • use a different password to your other online accounts
  • change your password and myGov PIN regularly
  • don't let other people see your computer screen when you use the 'show password' option
  • don't send your password and myGov PIN to anyone by email or text message
  • don't tell anyone your email account password
  • always sign out of your myGov account when you have finished using it
  • check for the Extended Validation Certificate indicator in your browser's address bar when accessing myGov. Each browser shows the Extended Validation Certificate in a different way. Usually this is a green box or bar with a padlock icon.

Do you know how to keep yourself safe online this tax season?

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    bobm
    7th Jul 2020
    10:48am
    MyGov. What a great idea to have all your info on this system. I wonder who in the Australian Government collected a shed load of money by acquiring the info off My Gov and sell it of to the scammers?
    Can't trust the Australian Government for privacy. I don't have MyGov because they can't get their shite together and expect everyone to have an email address instead of one email and each person listed have a pin to enter their section of the MyGov!!!!!
    Muttonbird
    7th Jul 2020
    1:03pm
    Unfortunately I don't think we have much choice if we ever have to deal with Centrelink - eg for Seniors Health Card - they require you to deal with them online as far as I know.
    Tood
    7th Jul 2020
    5:38pm
    Nowdays, after you log on to MYGOV, they send a code number on your mobile which needs to be entered, without it you cant get into your details.
    Rosret
    8th Jul 2020
    8:06am
    I received an email from MyGov just the other day. It looked genuine however I chose not to open it.
    I am sure if I owe them money they will find me! I have an address and they own AusPost so they can send me a letter.
    Placido1
    7th Jul 2020
    1:15pm
    This is a typical piece of bad Journalism!

    Advertising link talks about mygov details being leaked to dark web and then says is your mygov account one of them? Then says Will will explain how to find out.

    There is no explanation about how to find out if your account is compromised, Please dont use this loose language re your articles.
    diamond
    7th Jul 2020
    1:49pm
    If these scammers have your name, e-mail and/or phone number there is a pretty good chance that your details are out there. If you are not receiving any dodgy communications you are fortunate.

    Will does tell you what to look for. I don't know what you are complaining about.
    Rosret
    8th Jul 2020
    8:15am
    Placido1 I think its good they are warning people. We have obviously had a Cyberattack and what we thought was safe isn't.
    So spelling or not I know how easily people are tricked and being warned is a very good idea.

    My warning to people is - Do you really need to be on the internet for that particular service? The government is very free and happy to collect and share our information with minimal security.
    The most insecure:
    Paywave/Visa
    Dating online
    Social media
    MyGov
    Myhealth
    Medicare
    The online banking
    Online Superannuation
    The online census
    -and of course YLC shares its cookies with hundreds of other sites.
    JoJozep
    7th Jul 2020
    2:28pm
    YLC - Your site is absolute Shite!

    I composed a complete A4 page and enlarged the writing space so I could see the text clearly. What little space you provide for comment is crap!

    Worse than that, it's surrounded by advertising. I had the misfortune to write ten don'ts to protect your private information, and I made the mistake of widening the text box and the right hand side touched the bullsit advertising on the right.

    Bingo, I was unable to reduce the width of the text box and the whole page froze up. Not only that, I was unable to post my comments. Since when YLC, did you do this programming change that locks your text if you touch advertising space? Come on you editing cronies, admit you all suck up to the advertisers. Just look at the right hand side, the paragraphs above and the splurge belowe.

    I will summarise my 10 DON'TS into one : - throw your I phone in the nearest rubbish bin, but first , squeeze it in a vice or hit it with sledge hammer and make sure it oozes its parts. That way your private information will never go on the net, the stupid Cloud or any other advertising gimmick.
    Anonymous
    7th Jul 2020
    4:42pm
    What are you on about JoJozep not much sense written here, there is plenty of room for dialogue in comments when you run out of space just keep going and the comments section keeps going, Anyhow why do you need more space people get bored if you write too much crap and what you doing in the advertising space is anyones guess.

    I think you have very limited knowledge of what to do on a computer perhaps go somewhere and get a few lessons?
    Rosret
    8th Jul 2020
    8:22am
    Yes JoJozep. It is a pain. So hard to avoid the flashing advertisements to see the text. Then if you click closed they actually open up.
    Maybe next time write your your comments in Word Ctrl A the document then Ctrl C then click in the reply space with Ctrl V.
    Then maybe, at the same time, YLC can see what is wrong with their site at the moment - it appears they have a cookie cyber attack!
    JoJozep
    8th Jul 2020
    9:25am
    Anonymous

    Since when have you become a know it all critic? For your limited knowledge, I have been involved with computers since the late seventies, when the Commodore 64, the tandy color computer and atari were the norm. Often, my son and I would stay up late programming these computers since windows existed in primitive form, there was no IBM PC at the time and I have the latest computer at all times till now.

    Unlike you, I do like to see how my text appears . I write specifications for small and large commercial projects and clarity and strict sentence construction is paramount.
    Anonymous
    8th Jul 2020
    9:50am
    Hey Jojozep Anonymous is me obviously Computers has probably got past you perhaps you need a refresh no one else except Roset seems to have a problem
    Priscilla
    8th Jul 2020
    10:44am
    Therein lies the problem - having no choice! Making people use cards and only accessing services on-line. Even though it is proving and has been proved so many times that on-lin services are easily hacked we are constantly pressured to use these services. Doing business on a peronal basis is the ONLY secure way to go to be safe.
    Muttonbird
    9th Jul 2020
    9:29am
    Online is safer from a health perspective nowadays however!


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles