Thousands of myGov accounts are being suspended every month over fears they’ve been infiltrated by dark web software sold by criminals.
The federal government warned today Centrelink, Medicare and Australian Tax Office accounts were the targets of phishing attacks by scammers who were using so-called “scam-in-a-box” kits.
The technology can create a fake website and provide the know-how for scammers to launch a cyberattack.
Minister for Government Services Bill Shorten said Australians had already lost $3.1 billion to scams, including breaches of myGov, this year.
“The number of phishing scams that seek to impersonate myGov have increased dramatically,” he said.
“In 2023, there has already been more than 4500 new individual myGov scams.
“These fake sites and criminal gimmicks like ‘scams-in-a-box’ trick our citizens into giving criminals their user ID and passwords.
“The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen, identifying details end up on the dark web.”
Read Related Also: The Israeli Psyche and How It Got That Way
After a myGov account is closed, the government agency works with affected people to set up new accounts.
Hackers are attracted to this type of scam because many Australians use one password for multiple accounts.
That offers maximum reward for minimum effort by cybercriminals.
Popular water bottles used to lure users in new social media scam
“Statistics show that people reuse passwords at least 50 per cent of the time, making it possible for scammers and hackers to use the stolen password to access other online services,” Shorten said.
”myGov is now the number one digital government service used by Australians and Services Australia is working around the clock to counter scammers and hackers attacks.”
The government is finalising improvements to its ID verification, which is expected to better protect accounts against cyberattacks.
