Thousands of MyGov accounts are being suspended each month due to suspected breaches involving “scam-in-a-box” kits sold by criminals on the dark web.
These kits were used to create fake websites and provide the specialised knowledge required to execute phishing attacks on Centrelink, the Australian Tax Office, and Medicare accounts.
Stay up-to-date on the latest news with The National Briefing – keeping you in the loop with news as it hits:
Throughout this year, more than 4,500 confirmed MyGov scams have surfaced, resulting in the suspension of numerous accounts every month over fraud concerns.
The fraudulent kits, in some instances, incorporate security controls that empower criminals to run multiple scams at once, swiftly closing them to avoid detection.
These kits are designed to detect more technologically savvy users, redirecting them to the official MyGov website.
Government Services Minister Bill Shorten said the Australians have lost $3.1 billion to scams this year.
“These fake sites and criminal gimmicks like ‘scam in a box” trick our citizens into giving criminals their user ID and passwords,” Shorten said.
Shorten expressed the urgency in addressing the issue, particularly as MyGov ranks as the primary digital government service used by Australians.
“The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen, identifying details end up on the dark web.”
The appeal of these scams to cybercriminals is primarily attributed to the fact that many Australians use a single password for multiple accounts.
The minister warned about the prevalence of password reuse, affirming that this practice makes it easier for scammers to access multiple online services using the stolen credentials.
Subscribe to The Briefing, Australia’s fastest-growing news podcast on Listnr today. The Briefing serves up the latest news headlines and a deep dive into a topic affecting you. All in under 20 minutes.