You are advised to delete a fake email that claims to be from the Australian Government and its myGov website.
This email is a phishing scam designed to capture your personal and banking information that may then be used for fraud, identity theft and other unwanted activities.
The phishing email includes links to fake web forms and pages that try to trick you into providing information such as your drivers’ licence and passport details. These forms and pages also ask you to supply your bank account details.
The scam email purports to come from myGov. However, the fake ‘sender’ address incorporates terms such as ‘bashsummit’ and ‘esseaservizi’ that do not correspond with any legitimate myGov or Australian Government email addresses.
The subject line of the fake email is ‘Australian Government and myGov must verify your identity!’
The email body text reads:
‘This is a notification email only. Please do not reply to this email as this mailbox is not monitored.
‘This is a message from the myGov Team.
‘Australian Government and myGov must verify your identity – (Part 4.2, paragraph 4.2.13 of the AML/CTF Rules).
‘Click go to myGov and start the verification process.
‘Message reference: WP571’
You are advised not to click any links in the scam email as these direct you to forms designed to capture personally identifying information such as photocopies of passports and drivers’ licences, as well as your bank account details.
These fake forms and pages feature myGov design and branding, making them appear legitimate. They may even provide you with a one-time PIN as part of the process of capturing your account details.
Staying safe If you have supplied your personal or financial information via this scam email and associated web pages and forms, immediately inform:
Your financial services providers (particularly banks)
The Australian Passport Office
The state government body responsible for drivers’ licences in your state or territory
They will advise you of the next steps you should take to protect your information.
Stay Smart Online recommends you do not open emails from unknown senders and that you be wary of unexpected emails.
If you are unsure about whether an email is legitimate, contact the organisation, department or individual that it purports to come from, using a number you have independently located on a website, phonebook or bill, before opening the message.
Information for this Alert has been provided by CERT Australia and AusCERT.
The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.
Feedback Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
Disclaimer This information has been prepared by Enex TestLab for the Attorney General’s Department (‘the Department’). It was accurate and up to date at the time of publishing. This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice. The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise. Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service. Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.