Every month, thousands of Australians have their MyGov accounts suspended due to data-breaching scammers, and Government Services Minister Bill Shorten is outraged by it.
Criminals are using the dark web to sell what the minister has described as “scam in a box” kits to create fake but genuine-looking websites to attack Medicare, Centrelink and Australian Taxation Office accounts.
“These fake sites and criminal gimmicks like ‘scams in a box’ trick our citizens into giving criminals their user ID and passwords,” Mr Shorten said.
“The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen identifying details end up on the dark web.”
More than 4500 MyGov scams have been identified so far this year, with thousands more accounts being suspended each month over suspected breaches.
And the scammers have become increasingly sophisticated.
They appear legitimate, can run multiple scams at the same time, can avoid detection, and can identify when their targets are smart IT users.
Victims are often directed to fake websites but are told they are official MyGov sites.
Accounts can then be infiltrated and funds syphoned.
The problem spans the country, in the regions as well as the cities, with Mr Shorten saying $3.1 billion has already been lost to scammers this year alone.
“What’s happening is there are criminals, malicious actors are making it easy for other criminals to generate and recreate myGov phishing sites,” the minister said.
“And what they’re doing is they’re pretending to be an official myGov communication… there’s been 4500 [unique phishing attempts confirmed] by the end of August.
“So, what’s happening is criminals are spreading. They’re selling the technology of how to try and impersonate a person on myGov.
“But the answer, though, is this: if you get something from myGov that says you must download a link, don’t.
“We will never send out information to you requiring you to download a link from us. So that’s the answer.
“But, of course, people are busy. They don’t look, that’s understandable, but you’ve got to learn when you’re on the internet that not every link is real, and you’ve just got to watch it.”
Mr Shorten said statistics show that people reuse passwords at least half the time, making it possible for scammers and hackers to use the stolen password to access other online services.
“These criminal actors get an individual to give the criminal actor private details, which then the criminal actor will try and use,” Mr Shorten said.
“People often use the same password for different accounts because that’s easier to remember. So, when you … download the link and you put in your passwords, these criminal actors go, aha, this might be [their] password for another account.
“So, they’re just trying to hoover up information so they can impersonate you into government systems or banks or what have you.”
The government is finalising its overhaul of MyGov verifications, which it hopes will significantly help counter the scamming attacks.
Meanwhile, “scam in a box” kits continue to be sold and used to trick too many Australians into believing they are dealing with the government online.
MyGov is now the number one digital government service used by Australians, Mr Shorten said, and his agency, Services Australia, is working around the clock to counter scammers and hackers.
“[The] Government is determined to disrupt malicious actors by bolstering online defences,” he said.