Fraudsters exploit vulnerabilities in Aussies’ myGov accounts, fuelling financial chaos

In an age where our personal information is increasingly digitised, the security of our online accounts has never been more critical.

This is especially true for accounts tied to essential services, which hold sensitive data and are gateways to crucial financial resources.

However, a concerning new report has shed light on a significant vulnerability that could put your data at risk.


Hackers are finding a 'side entrance' into Australians' Centrelink, Australian Taxation Office (ATO), and Medicare accounts, leading to fraudulent claims and financial chaos.

The investigation into myGov fraud has revealed a disturbing trend of scammers creating fake myGov accounts and linking them to genuine service accounts without the rightful owners' knowledge.

This process, known as ‘unauthorised linking’, allows fraudsters to make false Centrelink claims or bogus tax claims that can amount to thousands of dollars.


Scammers are infiltrating Australians' Centrelink, ATO, and Medicare accounts through fake myGov accounts and ‘unauthorised linking’. Credit: Shutterstock


Commonwealth Ombudsman Ian Anderson has pointed out that myGov's current security measures did not ‘adequately protect people’ from this type of exploitation, particularly when identity theft is involved.

The focus has been on preventing direct unauthorised access to genuine accounts, but not enough on stopping scammers from using this ‘side entrance’ method.


‘People have told us about the stress and anxiety they experienced when their personal information was stolen, and fraud committed in their name,’ Mr Anderson shared.

The report also highlighted a lack of adequate security controls for ‘high-risk transactions’, such as changing bank account details, which should require stringent verification to ensure the legitimate account holder authorises them.

‘Given the volume and sensitivity of [the] information held in member service accounts linked to myGov, robust protections to stop fraudsters gaining unauthorised access to myGov accounts are essential,’ Mr Anderson suggested.


The implications of these security breaches are far-reaching.

Scammers can use stolen identities from various sources, including large-scale data breaches like those of Optus and Medibank, phishing scams, purchases on the dark web, or simply sifting through someone's rubbish or mailbox.

Once they gain access to a myGov account, they can submit false claims for Centrelink payments, redirect government payments, and submit fraudulent tax returns to claim refunds.

This not only affects the financial well-being of the victims but can also prevent them from accessing essential financial assistance, such as the Child Care Subsidy.


Services Australia has acknowledged the gravity of the situation and has committed to implementing all the recommendations from the report.

These include enhancing security controls to prevent unauthorised linking, establishing formal processes for managing risks across the myGov ecosystem, and implementing measures like two-factor authentication for high-risk transactions.

Services Australia general manager Hank Jongen acknowledged that the organisation understands how stressful it can be for individuals when their myGov or linked services are targeted by scammers.

‘Maintaining the security of myGov and the protection of people’s personal information remains a top priority, and we’re committed to ongoing improvement,’ he declared.

‘Work is already underway to address the identified issues, as well as other security improvements to ensure myGov remains trusted, safe and secure.’

Mr Jongen stated that secure sign-in methods, such as passkey, digital ID, and two-factor authentication, have already been implemented to safeguard people's accounts.

Additionally, Services Australia locks myGov accounts and sends security alerts to customers if there is any potential unauthorised access.


As concerns over the security of personal information grow, a recent trend involving the hacking of Centrelink, Australian Taxation Office (ATO), and Medicare accounts has highlighted the vulnerabilities in existing systems.

This trend underscores the importance of stronger digital protections, and it has renewed attention on last year's discussions about using biometric data, such as facial recognition and fingerprints, as myGov passwords.

The push for these advanced security measures aims to provide Australians with a more robust defence against such cyber threats.
Key Takeaways
  • Scammers have been infiltrating Australians' Centrelink, ATO, and Medicare accounts by creating fake myGov accounts and engaging in ‘unauthorised linking’.
  • The Commonwealth Ombudsman reported that myGov's security measures were inadequate in preventing accounts from being exploited following identity theft.
  • The report recommended improved security controls for high-risk transactions and unauthorised linking and the establishment of formal risk management processes across the myGov ecosystem.
  • Services Australia has welcomed the recommendations and is committed to enhancing security with measures such as two-factor authentication and other sign-in options to protect users' accounts.
Have you encountered any security issues with your myGov account? How do you protect your personal information online? We encourage our readers to share their experiences and tips on safeguarding their online accounts in the comments below.
 
One of the things that I see a lot is the so-called tap-and-go, where there is no proof of identification. As we get older we tend to drop things or forget to retrieve items such as phones and cards. Both my phone and bankcards (Bendigo bank has this option) have the option to tap-and-go switched off. I know pin numbers are not totally secure but at least they're some form of security until ATM and cash registers have facial/fingerprint recognition installed
Apparently the application DroidKit can sidestep facial/fingerprint security (see prior post).

The best security is to have your armpit smell embedded in your plastic card and every business to have your armpit smell under your arm compared with your plastic card's armpit smell using a trained sniffer dog. If it should determine that your armpit smell is not that on your plastic card then it will savage your armpit so that you may be carried off in an ambulance to the rubber truncheons section of your municipal police station.
 
Australians have NO options other than using the so called security services provided by major Govt and non Govt organisations such as ATO, MEDIBANK, CENTRELINK plus others and as such should not be expected to carry the losses of fraudulent actions carried out by scammers using a so-called side entrance or a straight out break into our data held by the organisation. All Australians should be protected from such losses by the many agencies that insist that we must use the systems that they provide. We always hear/read that the security, safety and welfare of all customers is paramount, yet the systems are regularly subjected to failures and are seemingly intercepted by scammers. Surely enough is enough!!
Spot on!
 
Yes I haven't worked or earned any benefits in 34 months thanks to this and Centrelink still won't help support me.
And now it's coming down to jail time thanks to debts I never started. When all I'm doing is fighting cancer and trying to stay alive while completely broke as each day comes as with no Centrelink then the support programs deny helping me as no Centrelink number to supply them with to data it for the government. As I have no idea how to counter this problem; then I'm left to suffer on my own...
 
Yes I haven't worked or earned any benefits in 34 months thanks to this and Centrelink still won't help support me.
And now it's coming down to jail time thanks to debts I never started. When all I'm doing is fighting cancer and trying to stay alive while completely broke as each day comes as with no Centrelink then the support programs deny helping me as no Centrelink number to supply them with to data it for the government. As I have no idea how to counter this problem; then I'm left to suffer on my own...
Yet all the while so many other bludgers get undeserved Clink payments! There is something seriously wrong with our govt & this country.
 
