Beware of fake myGov emails and SMS messages

14 April 2017

Beware of fake myGov emails and SMS messages: Alert Priority High

You are advised that fake emails and SMS messages claiming to be from the Australian Government Department of Human Services’ myGov website are targeting the community.

These fake messages seek to gather sensitive personal details from recipients and use them for malicious purposes.

Anyone who has received an SMS or email claiming to be from the Department of Human Services myGov and logged into their myGov account by accessing the link provided within, should contact the myGov helpdesk immediately on 13 23 07. People can also contact IDCare on 1300 432 273 for further advice and support.

The Department of Human Services does not include links in the SMS and email messages it sends to recipients. People should always log in by entering into their browser and check that // appears at the beginning of the address bar when you land on the site.

Fake myGov emails
The fake emails arrive with the subject line ‘Australian Government and myGov must verify your identity’ and appear to be designed to capture users’ myGov credentials and credit card information.

The links send recipients to fake forms that request the user input their myGov username and password, and their credit card number, expiration date and security code.

These fake forms incorporate myGov branding and design and appear authentic.

These emails appear to mirror the fake myGov emails that were the subject of an Alert from Stay Smart Online in February this year.

You are advised not to click on any links in these emails or submit any personal or financial details through any forms that these links may direct you to.

Fake myGov SMS
In addition, the Australian Communications and Media Authority (ACMA) has advised that a fake SMS claiming to be from myGov is in circulation.

The SMS campaign – apparently separate to the email campaign – aims to trick users into providing confidential personal identity information.

The fake SMS informs recipients in grammatically incorrect terminology that ‘incorrect details’ are ‘suspected’ in their accounts and demands that they upload correct documents.

The message then directs them to click on a link to a website that asks them to take a photo of documents such as passports or drivers’ licences and then upload these photos through the website.

Staying safe
You are advised not to click on any links in these emails or SMS messages, or submit any personal or financial details through any forms that these links may direct you to.

If you have supplied personal or financial information via this scam email or SMS, and any associated web pages and forms, immediately inform the organisations that provide services associated with your information.

These organisations may include your financial services providers (particularly banks); the Australian Passport Office; and the state government body responsible for drivers’ licences in your state or territory.

They will advise you of the next steps you should take to protect your information.

Stay Smart Online recommends you do not open emails from unknown senders and that you be wary of unexpected emails.

If you are unsure about whether an email is legitimate, contact the organisation, department or individual that it purports to come from, using a number you have independently located on a website, phonebook or bill, before opening the message.

Reporting cybercrimes
If your computer has been compromised, you can report the incident to the Australian Cybercrime Online Reporting Network (ACORN).

ACORN provides information on how to recognise and avoid common forms of cybercrime, such as hacking, online scams, online fraud, identity theft, attacks on computer systems and illegal or prohibited content, as well as offering advice to those who have fallen victim.

ACORN makes it easier and more convenient to report cybercrime to a law enforcement agency.

More informationFor more information about protecting yourself from fraudulent emails, visit //

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

This information has been prepared by Enex TestLab for the Attorney General’s Department (‘the Department’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

Email:” style=”text-decoration:underline;”>
You are receiving this message at the address
If you no longer wish to receive this information, you can unsubscribe.


© 2017 Australian Government. All rights reserved