Skip to content

It might look like a duck and quack like a duck, but it’s not always necessarily a duck…

  • by

myGov scam tricking victims into handing over bank details through cloned website

BY PATRICK WILLIAMSUPDATED THU 5 JUL 2018, 5:13 PM AESTEmailFacebookTwitterWhatsApp

A phishing email pretending to come from Medicare
PHOTO It may look legit, but this email isn’t from Medicare.SUPPLIED: STAY SMART ONLINE

Scammers have cloned the myGov website and are luring in victims with a phishing email claiming to come from Medicare asking them to update their banking details.

A warning over the scam was issued by authorities on Wednesday via the Stay Smart Online website.

It begins with a phishing email designed to look as if it’s from Medicare, asking the recipient “please kindly update your Electronic Funds Transfer (EFT) payments”.

If you click on the link in the email you are taken to a replica of the real myGov website.

The URL for the clone site is

The real site is

The myGov website links numerous government services such as Medicare, Centrelink, and the Australia Taxation Office, through the one portal.

A clone of the mygov website.

“If you input your login details you are directed to also enter your secret security question and answer, before you’re taken to the fake Medicare website to input your bank account details,” the Stay Safe Online warning reads.

“These emails and web pages feature myGov and Medicare design and branding, making them appear legitimate.”

‘Scammers are becoming more sophisticated in their attacks’

Queensland University of Technology criminologist Dr Cassandra Cross, who specialises in online fraud, said scammers were becoming more sophisticated with their attacks.

“They [cloned websites] look authentic, they look genuine. In this case the only difference is the URL,” Dr Cross said.

“People wouldn’t really recognise that, they would see the myGov in the web address, see the web page which looks very authentic and genuine … there wouldn’t be any red flags that would go up to provoke suspicious or to make someone think twice.”

Dr Cross said the myGov scam was the same as phishing emails claiming to come from banks asking people to log in via a link provided in the email.

“But they’re using something a bit more timely and just a little bit different to catch people off guard and increase their chance that people will respond to it,” she said.

“We’ve done a lot of awareness around not putting information into banking websites that you’d click on from a link, but people wouldn’t necessarily associate that same message with myGov.

A cloned website of the mygov website

“This time of year we also see a lot around the Australian Tax Office, clinking on links to gain tax refunds.”

Dr Cross said usual tip offs such as spelling mistakes and poor grammar might not cut it as scammers become more and more advanced in their approaches.

“As you can see from this one they’re far more complex and sophisticated,” she said.

“I don’t think we can rely on those indicators as successfully now, because offenders have realised that people are looking for that and they’ve upped the ante so to speak so they’ve increased the level of sophistication that they put out these attacks.”

Czech Republic scammers cloned myGov last year

MailGuard CEO Craig McDonald said his cyber security company detected a clone website of myGov in 2017.

“Criminals set up a near-perfect clone of the myGov website in order to dupe victims into sharing their password and credit card details,” Mr McDonald said.

“That scam was mounted from email servers hosted in the Czech Republic.”

Mr McDonald said it was a practice they called “brandjacking”.

“Essentially, brandjacking is a kind of forgery; scammers exploit the trademarks of well-known companies to deceive their victims and gain their trust,” he said.

“In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients.

“When the scam messages show up in victim’s inboxes they feel safe opening them, because they look like legitimate emails from familiar companies.

“People aren’t machines; we’re all capable of making bad judgement calls. Without cybersecurity measures in place, it’s just a matter of time before people have a momentary lapse of judgement and click on the wrong thing.”

So what do you do if you get this email or something similar?

  • Do not click on links in emails or text messages claiming to be from myGov or Medicare. Stay Smart Online says myGov will never send you a text, email or attachment with hyperlinks or web addresses
  • Don’t open messages if you don’t know the sender, or if you’re not expecting them
  • Be suspicious of messages that aren’t addressed directly to you, or don’t use your correct name
  • Login to your official myGov account by typing the web address into your browser, to check your inbox for any legitimate emails from Medicare
  • You can also contact the organisation separately to check if they have sent the message


To learn more about the best practices for small business cybersecurity contact Club IT today on 1300 788 874 or request a free, no-obligation IT Basics Check.

Leave a Reply

Your email address will not be published. Required fields are marked *