The scam suggests the recipient is owed money – a well-tried lure.
The first big clue is that the From: address does not correspond to an Australian Government domain.
If the recipient is misguided enough to click on the 'Secure Form' button, they are taken to a fake but well-constructed myGov login page – but again, the domain is not within .gov.au.
The form harvests the individual's myGov username and password. This is a very serious matter as a myGov identity can be linked to a variety of government organisations including the ATO, Centrelink and Medicare.
A second form collects their full name, date of birth and address.
Another clue that something is very wrong is that one of the address fields is labeled 'Zip code' instead of 'Postcode'.
Finally, the scam asks for financial institution details "to pay any refund owing to you," but the fields are designed in a way that would encourage victims to enter their credit card details, including the CVC.
"This is a particularly sinister scam as cybercriminals are attempting to exploit vulnerable exploit Australians, many of whom are suffering economic hardship as a result of the economic uncertainty caused by COVID-19," said a MailGuard spokesperson.
"Scammers are well-aware that many users and businesses are in desperate need of economic assistance, applying for government relief and benefit packages like JobSeeker via myGov. By falsely claiming that users are eligible for a refund, the cybercriminals behind the attack are cruelly capitalising on those unfortunate circumstances."
The standing advice from the Australian Government reads in part:
Scams and hoaxes attempt to maliciously gather your personal information. There are many types of scams including email, phone, advance payment, investment and ones where scammers pretend to be government departments.
Don't click on links in emails or text messages claiming to be from myGov. myGov will never send you a text, email or attachment with hyperlinks or web addresses. We will never send you an email or SMS asking for:
- your username
- your password
- your myGov PIN
- your secret questions and answers.
If you get suspicious messages, you can report it [sichttps://www.scamwatch.gov.au/ .
The messages you get in your myGov Inbox are secure. It's safe to open links included in myGov Inbox messages.