8 November 2023

Too many MyGov users getting scammed and accounts suspended, says minister

| Chris Johnson
Join the conversation
Bill Shorten

Government Services Minister Bill Shorten says scammers are sophisticated and target MyGov accounts. Photo: File.

Every month, thousands of Australians have their MyGov accounts suspended due to data-breaching scammers, and Government Services Minister Bill Shorten is outraged by it.

Criminals are using the dark web to sell what the minister has described as “scam in a box” kits to create fake but genuine-looking websites to attack Medicare, Centrelink and Australian Taxation Office accounts.

“These fake sites and criminal gimmicks like ‘scams in a box’ trick our citizens into giving criminals their user ID and passwords,” Mr Shorten said.

“The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen identifying details end up on the dark web.”

More than 4500 MyGov scams have been identified so far this year, with thousands more accounts being suspended each month over suspected breaches.

And the scammers have become increasingly sophisticated.

READ ALSO Shorten looks to boost Services Australia’s Centrelink and Medicare staff numbers

They appear legitimate, they can run multiple scams at the same time, can avoid detection, and they can identify when their targets are smart IT users.

Victims are often directed to fake websites but are told it is an official MyGov site.

Accounts can then be infiltrated and funds syphoned.

The problem spans the country, in the regions as well as the cities, with Mr Shorten saying $3.1 billion has already been lost to scammers this year alone.

“What’s happening is there are criminals, malicious actors are making it easy for other criminals to generate and recreate myGov phishing sites,” the minister said.

“And what they’re doing is they’re pretending to be an official myGov communication… there’s been 4500 [unique phishing attempts confirmed] by the end of August.

“So, what’s happening is criminals are spreading. They’re selling the technology of how to try and impersonate a person on myGov.

“But the answer, though, is this: if you get something from myGov that says you must download a link, don’t.

“We will never send out information to you requiring you to download a link from us. So that’s the answer.

“But, of course, people are busy. They don’t look, that’s understandable, but you’ve got to learn when you’re on the internet that not every link is real, and you’ve just got to watch it.”

READ ALSO ANU and CPSU studies lay bare APS barriers as it develops culturally and linguistically diverse strategy

Mr Shorten said statistics show that people reuse passwords at least half the time, making it possible for scammers and hackers to use the stolen password to access other online services.

“These criminal actors get an individual to give the criminal actor private details, which then the criminal actor will try and use,” Mr Shorten said.

“People often use the same password for different accounts because that’s easier to remember. So, when you … download the link and you put in your passwords, these criminal actors go, aha, this might be [their] password for another account.

“So, they’re just trying to hoover up information so they can impersonate you into government systems or banks or what have you.”

The government is finalising its overhaul of MyGov verifications, which it hopes will significantly help counter the scamming attacks.

Meanwhile, scams in a box kits continue to be sold and used to trick too many Australians into believing they are dealing with the government online.

MyGov is now the number one digital government service used by Australians, Mr Shorten said, and his agency, Services Australia, is working around the clock to counter scammers and hackers.

“[The] Government is determined to disrupt malicious actors by bolstering online defences,” he said.

Join the conversation

All Comments
  • All Comments
  • Website Comments
Capital Retro3:17 pm 12 Nov 23

I have tried for over 10 years to set my MyGov account up. Last month I waited on the phone helpline for an hour determined to get it done. The person I spoke to was very tolerant and helpful but admitted there were still system problems to be resolved. I think we were looking at different screens because I could not find the account activation boxes that the helper was referring to. In the end I was told that I would have to go to Centrelink to receive IT education so I could get “up to speed” to complete the MyGov set up. I had gone to Centrelink before to have change of address etc. stuff done and asked if they could assist me with setting up MyGov but they said they couldn’t and I would have to do it over the phone with MyGov (again).
Now someone has posted my mobile number on a Czechoslovakian based website which says my number is used in scams etc. I the spent two fruitless hours trying to submit a report to Scamwatch. Their system must have been set up by the same mob who did MyGov because it doesn’t work and there is no phone number to try and resolve the problem. I am nearly ready to visit Room 101.

@Capital Retro
My initial (and definitely unkind) diagnosis of your issue, CR, was PEBKAC.

However, perhaps you can enlist more patient (and sympathetic) assistance with your MyGov set-up issue: https://www.actseniorscard.org.au/index.php/act-seniors-card-discount-directory/category/computers-and-computer-support-2

It was only a matter of time before cybercrims hacked into the “all your eggs in one basket”

HiddenDragon6:45 pm 09 Nov 23

So the media campaign to turn MyGov into a de-facto national biometric database has started.

Clearly the Voice result was not enough – the big government drop-kicks will keep going until they conjure up an Australian Trump.

Good luck to them.

Trevor Willis5:05 pm 09 Nov 23

Why not find out who the scammers are and then employ them to show how to stop this practice? Are they all in Australia?

Capital Retro10:04 am 13 Nov 23

Julian Assange was.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.