Fake Medicare email phishing scam
A new email phishing scam is hitting inboxes, targeting myGov login and bank account details. The email purports to be from the Australian Government Department of Human Services, and includes logos from the Australian Government, Medicare and myGov, which all serve to make the body visually convincing. The email demands an update to Electronic Funds Transfer (EFT) payments with Medicare, claiming that this will allow for “prompt Medicare payments for benefits and claims”.
Following the email’s link opens a replica myGov website, which features relevant logos and a familiar design. One indication of the illegitimacy of the website is its URL: mygovau.net. The real myGov website’s URL is my.gov.au. It’s a good idea to search for sign-in pages online, or type in the URL manually, rather than follow a link in an email. This ensures that you won’t be taken to an imitation site with a modified URL designed to steal your credentials.
If login details are entered, a security question and answer are requested before the user is taken to a fake Medicare site. This site aims to collect a range of information, including bank name, BSB number, account number, customer number and online banking password. Of course, this information would never be requested via email, and should not be entered after following links in emails.
Computer Security Tips for staying safe
- Never click links in emails claiming to be from myGov or Medicare. You will never be sent an email with hyperlinks or web addresses from either of these sources
- Be wary of any email that asks you to log in to an account or input personal information such as bank account details
- Don’t open a message if you don’t know the sender, or if you weren’t expecting the message
- Be suspicious if you receive an email not addressed directly to you, or that doesn’t use your correct name
- Log in to myGov by manually entering the web address in your browser, and check your inbox there for any legitimate emails from Medicare
- Always check the sender email address, and confirm that it matches the email body and the domain name of the company the sender claims to represent
- Hover over links in emails to verify the URL
- Contact the organisation independently to confirm whether they sent the message
If you think your personal information has been compromised, contact Australia’s National Identity and Cyber Support Service, IDCare.
If you have been a victim of a cybercrime, report it to the Australian Cybercrime Online Reporting Network (ACORN).
At iT and Beyond, as part of the Proactive Managed IT Support we provide to keep our clients’ systems safe and secure, we regularly monitor security alerts from our security partners, including Stay Smart Online. See Stay Smart Online’s article Beware of fake Medicare email for more.