We’ve all heard horror stories about how scams have become increasingly widespread and sophisticated over the past few years, but this one is truly quite frightening.

Each month, a substantial number of myGov accounts are being suspended due to concerns that they may have fallen prey to illicit ‘scam-in-a-box’ kits sold by cybercriminals on the dark web.

These kits are used to fabricate counterfeit websites and provide the specialised knowledge needed to launch phishing attacks on government platforms.

Since the beginning of this year, there have been more than 4,500 confirmed instances of myGov scams, leading to numerous account suspensions due to suspected fraudulent activity—thanks to the kits.

What’s truly concerning is that some of these ‘scam-in-a-box’ kits are not just simple tools; they come equipped with security features that enable wrongdoers to run multiple scams simultaneously, swiftly closing them to avoid detection.

myGov suspends numerous accounts due to ‘scam-in-a-box’ kits from the dark web. Image source: Pixabay

To make matters worse, in certain cases, these malicious actors can even distinguish more tech-savvy users and redirect them to the official myGov website.

It’s worth noting that many of these fraudulent websites bear a striking resemblance to genuine ones, making it even more challenging to spot the deception.

Bill Shorten, the Minister for Government Services, voiced his worry, highlighting that Australians have lost $3.1 billion to scams this year.

However, he said that this issue is now receiving significant attention from the authorities.

‘These fake sites and criminal gimmicks like “scams in a box” trick our citizens into giving criminals their user ID and passwords,’ said Shorten.

‘The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen identifying details end up on the dark web.’

Cybercriminals often find these scams appealing because a significant number of Australians tend to use a single password for their various accounts. These attacks demand minimal effort while promising a substantial reward.

One scam advertisement encourages potential buyers, highlighting that the majority of Australians possess a myGov account.

The simple instructions entail requesting login credentials and ensuring that the Australian Tax Office is linked to the target account.

‘Statistics show that people reuse passwords at least 50 [per cent] of the time, making it possible for scammers and hackers to use the stolen password to access other online services,’ Shorten said.

‘myGov is now the number one digital government service used by Australians, and Services Australia is working around the clock to counter scammers and hackers attacks.’

However, it is anticipated that operators offering ‘scam-in-a-box’ kits will persist in targeting myGov until the government completes its ongoing overhaul of the ID verification process, which is currently in its final stages.

‘The Albanese government is determined to disrupt malicious actors by bolstering online defences,’ Shorten added.

‘I am also working closely with my ministerial colleague, Senator Katy Gallagher, to establish a digital ID that will be a key line of defence against cybercrime when established.’

Last year, the government officially acknowledged its deliberation on the utilisation of myGov or its myGovID system to streamline digital identity verification, particularly in light of the Optus breach.

Optus, the Australian telecom company, suffered a data breach revealing personal information, such as passport and license numbers, home addresses for 2.8 million customers, and the birthdates, email addresses, and phone numbers of seven million customers.

You may read the full story here.

In August, the Australian Tax Office issued a cautionary advisory, urging individuals to exercise caution when encountering emails and text message scams that guide them to counterfeit myGov websites.

These deceptive messages commonly informed recipients of a purported tax refund or prompted them to verify their bank account, ultimately directing them to a fraudulent website.

The trade of sensitive identification data on the dark web has presented a persistent challenge over the years. In 2017, Guardian Australia brought attention to the sale of Medicare patient information, achieved through the ‘exploitation of a vulnerability’ within a government system.

Subsequently, in 2019, documented cases of dark web vendors providing Medicare details.

Key Takeaways

• Thousands of myGov accounts are being suspended monthly due to suspected breaches involving ‘scam-in-a-box’ kits sold on the dark web.
• These kits are used to create fake websites and launch phishing attacks on Centrelink, Australian Tax Office, and Medicare accounts, with over 4,500 confirmed cases of myGov scams this year.
• The Australian government is taking this issue seriously and is working towards disrupting cybercriminal activities.
• The government is in the process of overhauling its ID verification system to counter these scams and protect users’ sensitive information.

Members, what are your opinions regarding the government’s efforts to suspend fake myGov accounts, and what other steps do you believe both the government and the public should take to counter the spread of ‘scam-in-a-box’ kits on the dark web?

Share your thoughts in the comments below!

 

[Abby2]

My Coles Mobile Phone has been cancelled because it is now a requirement by the Government that they have our residential address
In my opinion the Government is only making us MORE vulnerable.

 

[Jen77au]

We’ve all heard horror stories about how scams have become increasingly widespread and sophisticated over the past few years, but this one is truly quite frightening.

Each month, a substantial number of MyGov accounts are being suspended due to concerns that they may have fallen prey to illicit ‘scam-in-a-box’ kits sold by cybercriminals on the dark web.

These kits are used to fabricate counterfeit websites and provide the specialised knowledge needed to launch phishing attacks on government platforms.

Since the beginning of this year, there have been more than 4,500 confirmed instances of MyGov scams, leading to numerous account suspensions due to suspected fraudulent activity—thanks to the kits.

What’s truly concerning is that some of these ‘scam-in-a-box’ kits are not just simple tools; they come equipped with security features that enable wrongdoers to run multiple scams simultaneously, swiftly closing them to avoid detection.

View attachment 33970

MyGov suspends numerous accounts due to ‘scam-in-a-box’ kits from the dark web. Image source: Pixabay

To make matters worse, in certain cases, these malicious actors can even distinguish more tech-savvy users and redirect them to the official MyGov website.

It’s worth noting that many of these fraudulent websites bear a striking resemblance to genuine ones, making it even more challenging to spot the deception.

Bill Shorten, the Minister for Government Services, voiced his worry, highlighting that Australians have lost $3.1 billion to scams this year.

However, he said that this issue is now receiving significant attention from the authorities.

‘These fake sites and criminal gimmicks like “scams in a box” trick our citizens into giving criminals their user ID and passwords,’ said Shorten.

‘The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen identifying details end up on the dark web.’

Cybercriminals often find these scams appealing because a significant number of Australians tend to use a single password for their various accounts. These attacks demand minimal effort while promising a substantial reward.

One scam advertisement encourages potential buyers, highlighting that the majority of Australians possess a MyGov account.

The simple instructions entail requesting login credentials and ensuring that the Australian Tax Office is linked to the target account.

‘Statistics show that people reuse passwords at least 50 [per cent] of the time, making it possible for scammers and hackers to use the stolen password to access other online services,’ Shorten said.

‘MyGov is now the number one digital government service used by Australians, and Services Australia is working around the clock to counter scammers and hackers attacks.’

However, it is anticipated that operators offering ‘scam-in-a-box’ kits will persist in targeting MyGov until the government completes its ongoing overhaul of the ID verification process, which is currently in its final stages.

‘The Albanese government is determined to disrupt malicious actors by bolstering online defences,’ Shorten added.

‘I am also working closely with my ministerial colleague, Senator Katy Gallagher, to establish a digital ID that will be a key line of defence against cybercrime when established.’

Last year, the government officially acknowledged its deliberation on the utilisation of myGov or its myGovID system to streamline digital identity verification, particularly in light of the Optus breach.

Optus, the Australian telecom company, suffered a data breach revealing personal information, such as passport and license numbers, home addresses for 2.8 million customers, and the birthdates, email addresses, and phone numbers of seven million customers.

You may read the full story here.

In August, the Australian Tax Office issued a cautionary advisory, urging individuals to exercise caution when encountering emails and text message scams that guide them to counterfeit myGov websites.

These deceptive messages commonly informed recipients of a purported tax refund or prompted them to verify their bank account, ultimately directing them to a fraudulent website.

The trade of sensitive identification data on the dark web has presented a persistent challenge over the years. In 2017, Guardian Australia brought attention to the sale of Medicare patient information, achieved through the ‘exploitation of a vulnerability’ within a government system.

Subsequently, in 2019, documented cases of dark web vendors providing Medicare details.

Key Takeaways

• Thousands of MyGov accounts are being suspended monthly due to suspected breaches involving ‘scam-in-a-box’ kits sold on the dark web.
• These kits are used to create fake websites and launch phishing attacks on Centrelink, Australian Tax Office, and Medicare accounts, with over 4,500 confirmed cases of MyGov scams this year.
• The Australian government is taking this issue seriously and is working towards disrupting cybercriminal activities.
• The government is in the process of overhauling its ID verification system to counter these scams and protect users’ sensitive information.

Members, what are your opinions regarding the government’s efforts to suspend fake MyGov accounts, and what other steps do you believe both the government and the public should take to counter the spread of ‘scam-in-a-box’ kits on the dark web?

Share your thoughts in the comments below!

I'm a younger member of this group. At 46 I consider myself pretty tech savvy, however, the insistence for everything to be digital, from Centrelink to banking and everything in between, makes me angry. I was lucky enough to have computers become mainstream enough that my knowledge began in high school. I help my parents and their friends with as much as I can because I understand that they never had that opportunity to learn about technology. I continued to use and learn about it but it still frustrates the heck out of me at times! I honestly don't know how they expect our seniors, who have never had a smidgen of training, to comprehend using the technology as well as being completely aware of how to protect themselves. Yes, we are moving forward into the digital age, but they need to stop and realise that our seniors, who are the reason why they are here and so entitled in the first place, need to be allowed to do things the way they know and can do with complete confidence. It's hard enough for everyone fighting the system as it is. Why can't they all be a little kinder to them.

 

[Suzanne rose]

I never respond to any emails sent via government sources or anyone I don't know.
If it's centrelink or tax office I go straight to my gov and check if there is mail or I phone them

 

[Littleboy8]

I never respond to any emails sent via government sources or anyone I don't know.
If it's centrelink or tax office I go straight to my gov and check if there is mail or I phone them

Same here

 

[Zemo]

"Bring back the slate!" I say ...

 

[Littleboy8]

"Bring back the slate!" I say ...

What are you a cavemanoopsy or woman

 

[elaine41]

I'm a younger member of this group. At 46 I consider myself pretty tech savvy, however, the insistence for everything to be digital, from Centrelink to banking and everything in between, makes me angry. I was lucky enough to have computers become mainstream enough that my knowledge began in high school. I help my parents and their friends with as much as I can because I understand that they never had that opportunity to learn about technology. I continued to use and learn about it but it still frustrates the heck out of me at times! I honestly don't know how they expect our seniors, who have never had a smidgen of training, to comprehend using the technology as well as being completely aware of how to protect themselves. Yes, we are moving forward into the digital age, but they need to stop and realise that our seniors, who are the reason why they are here and so entitled in the first place, need to be allowed to do things the way they know and can do with complete confidence. It's hard enough for everyone fighting the system as it is. Why can't they all be a little kinder to them.

I am one of the older members of this group & completely agree with you. I refuse to do any of my banking on line. It scares me no end at what could happen to my small savings if someone got access through the internet. As for waving my phone over some machine to pay for groceries etc. - heck NO. If I can't guarantee my security then I need cash or a cashcard (prefer cash) to pay for everything. I even have problems with everything needing to be done online rather than face to face in a bricks & mortar building. Why do they think it's easier that way? And now with so many companies using people whose first language is not English it makes it even harder as I can't understand them on the phone & so just hang up & hope for the best.

 

[Abby2]

I am one of the older members of this group & completely agree with you. I refuse to do any of my banking on line. It scares me no end at what could happen to my small savings if someone got access through the internet. As for waving my phone over some machine to pay for groceries etc. - heck NO. If I can't guarantee my security then I need cash or a cashcard (prefer cash) to pay for everything. I even have problems with everything needing to be done online rather than face to face in a bricks & mortar building. Why do they think it's easier that way? And now with so many companies using people whose first language is not English it makes it even harder as I can't understand them on the phone & so just hang up & hope for the best.

Yes I sometimes find t to understand the languge too - I always thought that the company must have an answering service from overseas.

 

[Abby2]

Same here

Me too

 

[Avcservices]

Same here

Me too. Never respond to emails without first verifying the messsge by phone to a trusted number.

 

[Barbara V]

I'm a younger member of this group. At 46 I consider myself pretty tech savvy, however, the insistence for everything to be digital, from Centrelink to banking and everything in between, makes me angry. I was lucky enough to have computers become mainstream enough that my knowledge began in high school. I help my parents and their friends with as much as I can because I understand that they never had that opportunity to learn about technology. I continued to use and learn about it but it still frustrates the heck out of me at times! I honestly don't know how they expect our seniors, who have never had a smidgen of training, to comprehend using the technology as well as being completely aware of how to protect themselves. Yes, we are moving forward into the digital age, but they need to stop and realise that our seniors, who are the reason why they are here and so entitled in the first place, need to be allowed to do things the way they know and can do with complete confidence. It's hard enough for everyone fighting the system as it is. Why can't they all be a little kinder to them.

I'm 87 and consider myself very technology savy,I know a lot aren't I have a couple friends in that category but don't put all of us in the same basket. I keep up with all updates ect

 

[Glenyce60]

I never respond to any emails sent via government sources or anyone I don't know.
If it's centrelink or tax office I go straight to my gov and check if there is mail or I phone them

Always go to my gov don't trust any links in emails and I change password etc all the time .

 

[maxesmum]

I am one of the older members of this group & completely agree with you. I refuse to do any of my banking on line. It scares me no end at what could happen to my small savings if someone got access through the internet. As for waving my phone over some machine to pay for groceries etc. - heck NO. If I can't guarantee my security then I need cash or a cashcard (prefer cash) to pay for everything. I even have problems with everything needing to be done online rather than face to face in a bricks & mortar building. Why do they think it's easier that way? And now with so many companies using people whose first language is not English it makes it even harder as I can't understand them on the phone & so just hang up & hope for the best.

Ohhhh,don’t get me started about the non English speakers. And before anyone starts,no,I’m not racially challenged in any way. I AM,however,very deaf and trying to understand some accents over the phone can be terribly difficult. Trying to explain without giving offence is also hard….and why the hell do I have to explain myself??? Just give me someone who speaks clearly! That’s all I want.

 

[Littleboy8]

Ohhhh,don’t get me started about the non English speakers. And before anyone starts,no,I’m not racially challenged in any way. I AM,however,very deaf and trying to understand some accents over the phone can be terribly difficult. Trying to explain without giving offence is also hard….and why the hell do I have to explain myself??? Just give me someone who speaks clearly! That’s all I want.

I agree with you and I have no hearing issues

 

[elaine41]

Ohhhh,don’t get me started about the non English speakers. And before anyone starts,no,I’m not racially challenged in any way. I AM,however,very deaf and trying to understand some accents over the phone can be terribly difficult. Trying to explain without giving offence is also hard….and why the hell do I have to explain myself??? Just give me someone who speaks clearly! That’s all I want.

You got it exactly right. I, too, am deaf & get sick of having to tell the caller that I am deaf, that they need to speak slower & more clearly, that they do not need to shout as that doesn't help at all. That's why I end up saying "Sorry I can't understand you so I am ending this call". Unfortunately these days I can't slam the phone on the receiver.

 

[Klaus A]

text message today from: Australian Tax office Immidiate action required. Tel 54116261684. First two numbers 54 = Argentina. What can I say to this.

 

[maherdj]

Yes I sometimes find t to understand the languge too - I always thought that the company must have an answering service from overseas.

A lot of major Companies use overseas callers as they are cheap

 

[Littleboy8]

A lot of major Companies use overseas callers as they are cheap

The aust tax office doesn’t have an office in Argentina

 

[Littleboy8]

text message today from: Australian Tax office Immidiate action required. Tel 54116261684. First two numbers 54 = Argentina. What can I say to this.

Just ignore and delete itbetter still report it