A very tricky myGov scam is going around sending messages to people’s phones. The scammers are hoping to steal your bank details if you follow through. What should you look out for? This scam is particularly nasty as it is coming disguised as something from the Government.

Most Australians would be familiar with myGov, the service that brings together many of the government services you may rely on under one roof, and being tax time, it’s not altogether unusual to get an alert from myGov noting you have a message waiting for you.

ATO refund scams are particularly common around this time of the year, but the one to look out for is a surprisingly convincing text message. Specifically, this scam is asking you to click on a link within a text message which will redirect you to a convincing website replica in an attempt to steal your bank log ins/money.

It is important to note that this text message is not from a myGov phone but an actual one containing the phishing link.  Real myGov text messages come through a myGov sender ID and without an obvious phone number.



An image of a text message on a phone screen, pretending to come from MyGov

Your myGov login has very little to do with your choice of bank, but in this scam, cybercriminals are hoping you won’t care, and will follow the breadcrumbs to enter the login details.

In this scam, the link itself is registered to someone clearly not from the government, you can check the link yourself by running a WHOIS (‘Who is’ responsible for this domain name) command on any website domain.

If you accidentally find yourself at the scam, you’ll see a convincing recreation of a myGov login, complete with actual links to parts of myGov on the right side, while the left side will ask you to select your bank and log in there.  A tell tale sign that this site does not look right is the URL which is not the legitimate myGov one (https://login.my.gov.au/) .

A website screen displaying a convincing scam version of the MyGov website

If you see an SMS saying it’s from myGov advising your account has been locked, check the send ID at the top and look at the link. If neither say “myGov” in the right way, you might be looking down the barrel of a scam, and it’s in your best interest to not click.

All scams should be reported to the ACCC- SCAMWATCH

Source:  https://www.pickr.com.au/news/2022/nasty-mygov-sms-scam-doing-the-rounds-how-to-know/