The Australian Taxation Office (ATO) and Services Australia are warning the community about a new email impersonation scam that is doing the rounds.
The fake emails claim to be from “myGov” and include screen shots of the myGovID app. The email asks people to click a link to verify their identity using a “secure form” which takes them to a fake myGov page requesting personal identifying information and banking details.
The app, myGovID, can be used to prove who you are when accessing government online services. ATO systems, myGov, and myGovID have not been compromised.
ATO Assistant Commissioner Ben Foster said this new phishing scam contains classic warning signs that it is not legitimate, for example, asking people to click a link to confirm their details and spelling errors.
“The ATO and myGov does send emails and SMS messages, however will never send you an email or SMS with a hyperlink directing you to a login page for our online services,” says Foster.
“In the lead up to tax time, we expect to see more of these malicious attempts to harvest identity details. So we encourage everyone to be on alert and take the time to remind family and friends to be on the lookout and stay safe online.”
Foster confirmed that this scam was all about collecting personal information from victims rather than gaining access to live information via myGov or myGovID.
Services Australia General Manager Hank Jongen said scams were becoming more sophisticated, and people should be wary of emails asking for identity documents or personal identifying information
“If you’ve opened an email that looks suspicious, don’t click any links, open any attachments or reply to it,” says Jongen.
“If you‘ve received the suspicious email and provided your myGov sign in information you should take immediate action.
“Change your myGov password and if you’ve provided your banking details, contact your bank.
“If you’re still concerned and require extra support you can call Services Australia’s Scams and Identity Theft Helpdesk on 1800 941 126.
Staff will be able to give you advice on what to do if you’ve been scammed, and connect you with identity recovery services.”
Mr Jongen said the Helpdesk is open Monday to Friday, 8am to 5pm AEST
If you receive an SMS or email that looks like it’s from myGov, but it contains a link or appears suspicious, you can report it to ScamWatch.
Lists of the latest ATO and Services Australia scam alerts and more information about how to identify and report impersonation scams are available at ato.gov.au/scams and servicesaustralia.gov.au/scams.
Tips to protect yourself from scammers
- Be cautious when clicking on hyperlinks embedded in SMS and emails – do not click on links or attachments in emails from unknown sources.
- When logging in with myGovID, ensure that the URL displayed in your browser includes https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.myGovID.gov.au&umid=c8677892-e0ea-4abe-8c16-366a8055659a&auth=31b3389d2029d6193e31688a03b09fa6d287cd51-b828e2e04359baea5a2bda707210ea69f0f62fcc or https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmyGovID.gov.au&umid=c8677892-e0ea-4abe-8c16-366a8055659a&auth=31b3389d2029d6193e31688a03b09fa6d287cd51-a5e65d1e9d7ee6450db9cba0886aa2399fedb773.
- Keep your personal information and passwords secure – don’t share your password with others and change your passwords regularly.
- Install anti-virus software on all devices and set the software to automatically check for updates on a daily basis.
- Make data security an everyday priority, practice good cyber hygiene and constantly review your security habits.
- Store personal information in a secure place – make sure electronic documents containing personal information are secure and avoid carrying your birth certificate or passport in a wallet or handbag unless you need them.
- When downloading the myGovID app make sure it’s from the Apple App Store or Google Play Store.