We’ve all heard horror stories about how scams have become increasingly widespread and sophisticated over the past few years, but this one is truly quite frightening.

Each month, a substantial number of myGov accounts are being suspended due to concerns that they may have fallen prey to illicit ‘scam-in-a-box’ kits sold by cybercriminals on the dark web.

These kits are used to fabricate counterfeit websites and provide the specialised knowledge needed to launch phishing attacks on government platforms.

Since the beginning of this year, there have been more than 4,500 confirmed instances of myGov scams, leading to numerous account suspensions due to suspected fraudulent activity—thanks to the kits.

What’s truly concerning is that some of these ‘scam-in-a-box’ kits are not just simple tools; they come equipped with security features that enable wrongdoers to run multiple scams simultaneously, swiftly closing them to avoid detection.

myGov suspends numerous accounts due to ‘scam-in-a-box’ kits from the dark web. Image source: Pixabay

To make matters worse, in certain cases, these malicious actors can even distinguish more tech-savvy users and redirect them to the official myGov website.

It’s worth noting that many of these fraudulent websites bear a striking resemblance to genuine ones, making it even more challenging to spot the deception.

Bill Shorten, the Minister for Government Services, voiced his worry, highlighting that Australians have lost $3.1 billion to scams this year.

However, he said that this issue is now receiving significant attention from the authorities.

‘These fake sites and criminal gimmicks like “scams in a box” trick our citizens into giving criminals their user ID and passwords,’ said Shorten.

‘The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen identifying details end up on the dark web.’

Cybercriminals often find these scams appealing because a significant number of Australians tend to use a single password for their various accounts. These attacks demand minimal effort while promising a substantial reward.

One scam advertisement encourages potential buyers, highlighting that the majority of Australians possess a myGov account.

The simple instructions entail requesting login credentials and ensuring that the Australian Tax Office is linked to the target account.

‘Statistics show that people reuse passwords at least 50 [per cent] of the time, making it possible for scammers and hackers to use the stolen password to access other online services,’ Shorten said.

‘myGov is now the number one digital government service used by Australians, and Services Australia is working around the clock to counter scammers and hackers attacks.’

However, it is anticipated that operators offering ‘scam-in-a-box’ kits will persist in targeting myGov until the government completes its ongoing overhaul of the ID verification process, which is currently in its final stages.

‘The Albanese government is determined to disrupt malicious actors by bolstering online defences,’ Shorten added.

‘I am also working closely with my ministerial colleague, Senator Katy Gallagher, to establish a digital ID that will be a key line of defence against cybercrime when established.’

Last year, the government officially acknowledged its deliberation on the utilisation of myGov or its myGovID system to streamline digital identity verification, particularly in light of the Optus breach.

Optus, the Australian telecom company, suffered a data breach revealing personal information, such as passport and license numbers, home addresses for 2.8 million customers, and the birthdates, email addresses, and phone numbers of seven million customers.

You may read the full story here.

In August, the Australian Tax Office issued a cautionary advisory, urging individuals to exercise caution when encountering emails and text message scams that guide them to counterfeit myGov websites.

These deceptive messages commonly informed recipients of a purported tax refund or prompted them to verify their bank account, ultimately directing them to a fraudulent website.

The trade of sensitive identification data on the dark web has presented a persistent challenge over the years. In 2017, Guardian Australia brought attention to the sale of Medicare patient information, achieved through the ‘exploitation of a vulnerability’ within a government system.

Subsequently, in 2019, documented cases of dark web vendors providing Medicare details.

Key Takeaways

• Thousands of myGov accounts are being suspended monthly due to suspected breaches involving ‘scam-in-a-box’ kits sold on the dark web.
• These kits are used to create fake websites and launch phishing attacks on Centrelink, Australian Tax Office, and Medicare accounts, with over 4,500 confirmed cases of myGov scams this year.
• The Australian government is taking this issue seriously and is working towards disrupting cybercriminal activities.
• The government is in the process of overhauling its ID verification system to counter these scams and protect users’ sensitive information.

Members, what are your opinions regarding the government’s efforts to suspend fake myGov accounts, and what other steps do you believe both the government and the public should take to counter the spread of ‘scam-in-a-box’ kits on the dark web?

Share your thoughts in the comments below!

 

[Jumping Jack Flash]

I never respond to any emails sent via government sources or anyone I don't know.
If it's centrelink or tax office I go straight to my gov and check if there is mail or I phone them

I do exactly the same thing ....... re: your second sentence that is.

 

[bluetang]

What are you a cavemanoopsy or woman

That was a joke

 

[Littleboy8]

That was a joke

Gee duhso was my reply. Slate caveman get itwhy do you think people laughed.at least some of us have a sense of humour

 

[London Lad]

I never respond to any emails sent via government sources or anyone I don't know.
If it's centrelink or tax office I go straight to my gov and check if there is mail or I phone them

Good luck on phoning them.....wasted an hour of my life yesterday, before the robot cut me off!!!!

 

[Jen77au]

I am one of the older members of this group & completely agree with you. I refuse to do any of my banking on line. It scares me no end at what could happen to my small savings if someone got access through the internet. As for waving my phone over some machine to pay for groceries etc. - heck NO. If I can't guarantee my security then I need cash or a cashcard (prefer cash) to pay for everything. I even have problems with everything needing to be done online rather than face to face in a bricks & mortar building. Why do they think it's easier that way? And now with so many companies using people whose first language is not English it makes it even harder as I can't understand them on the phone & so just hang up & hope for the best.

I'm the same. It's frustrating because of the language barriers. I also hang up if it's my issue, however, if it's for my parents or their friends, I will stay as long as it takes to get their issue resolved. It's completely unfair to our older generation. It makes me so very angry to see you treated that way. It's so disrespectful towards you.

 

[jayelem]

I am one of the older members of this group & completely agree with you. I refuse to do any of my banking on line. It scares me no end at what could happen to my small savings if someone got access through the internet. As for waving my phone over some machine to pay for groceries etc. - heck NO. If I can't guarantee my security then I need cash or a cashcard (prefer cash) to pay for everything. I even have problems with everything needing to be done online rather than face to face in a bricks & mortar building. Why do they think it's easier that way? And now with so many companies using people whose first language is not English it makes it even harder as I can't understand them on the phone & so just hang up & hope for the best.

Being digital, companies don't have to employ so many. We have to do their job ourselves on line. And they still can't get it right and blame me. I am not so computer literate and navigating forms is a nightmare.

 

[nellyBell3]

I am one of the older members of this group & completely agree with you. I refuse to do any of my banking on line. It scares me no end at what could happen to my small savings if someone got access through the internet. As for waving my phone over some machine to pay for groceries etc. - heck NO. If I can't guarantee my security then I need cash or a cashcard (prefer cash) to pay for everything. I even have problems with everything needing to be done online rather than face to face in a bricks & mortar building. Why do they think it's easier that way? And now with so many companies using people whose first language is not English it makes it even harder as I can't understand them on the phone & so just hang up & hope for the best.

I couldn't agree with you more, Government & Company s Assume that humans of All ages on earth are automatically experts in the field of computers, smartphones etc and how to do everything online so the Crimms can bleed you to death.
I know plenty of middle age to elderly people who haven't got even a smart phone, and plenty of people who do have a Smartphone and can't comprehend how to Do thing's online at all, or at least not with confidence like Paying bills.
Technology is great, but manual ways must remain in place as well.

 

[David567]

If you get a ph call from someone with a foreign accent IT WILL BE A SCAMMER FOR SURE. This is the first hint.
download an app called SHOULD I ANSWER. block numbers from international and interstate numbers. You can add the numbers of friends and international known callers by adding these numbers to the allow list. The app is really easy and straight forward to use. When these scammers try to call you, there bill be an alert on the screen saying Warning POTENTIAL SCAMMER. if they call from a new ph number that no one has added and you think it's a scam, hang up and add it to the scam list. when they try to call the other people who use the app they will get the scam warning when the scammers call them. Make this app the default phone app. you won't get bothered by blocked numbers because the phone won't even ring. I've gone from several calls a day to one a week if that. If I'm bored I answer these calls, string them alone for an hour, then say sorry, not interested is scams and hang up. I've wasted their time and hopefully saved someone from being scammed. Good fun.

 

[Geerdina]

I believe MyGov is getting rid of usernames and passwords to log in and switching to either face recognition or fingerprints. I do not use a mobile phone to log in, I use my home computer.
So how am I supposed to log in without a touchscreen or camera?

 

[Loubeauxarts]

Apart from anything else, increase penalties for the scammers that do get caught to a level that will act as a deterrent. Guaranteed jail time, confiscation of assets and, where applicable, deportation if they are from other countries. The judicial system in this country is an absolute joke. Giving some arsehole a $5,000 fine for destroying someone's life and peace of mind is IMO ludicrous

 

[Estelle Ann]

We’ve all heard horror stories about how scams have become increasingly widespread and sophisticated over the past few years, but this one is truly quite frightening.

Each month, a substantial number of myGov accounts are being suspended due to concerns that they may have fallen prey to illicit ‘scam-in-a-box’ kits sold by cybercriminals on the dark web.

These kits are used to fabricate counterfeit websites and provide the specialised knowledge needed to launch phishing attacks on government platforms.

Since the beginning of this year, there have been more than 4,500 confirmed instances of myGov scams, leading to numerous account suspensions due to suspected fraudulent activity—thanks to the kits.

What’s truly concerning is that some of these ‘scam-in-a-box’ kits are not just simple tools; they come equipped with security features that enable wrongdoers to run multiple scams simultaneously, swiftly closing them to avoid detection.

View attachment 33970

myGov suspends numerous accounts due to ‘scam-in-a-box’ kits from the dark web. Image source: Pixabay

To make matters worse, in certain cases, these malicious actors can even distinguish more tech-savvy users and redirect them to the official myGov website.

It’s worth noting that many of these fraudulent websites bear a striking resemblance to genuine ones, making it even more challenging to spot the deception.

Bill Shorten, the Minister for Government Services, voiced his worry, highlighting that Australians have lost $3.1 billion to scams this year.

However, he said that this issue is now receiving significant attention from the authorities.

‘These fake sites and criminal gimmicks like “scams in a box” trick our citizens into giving criminals their user ID and passwords,’ said Shorten.

‘The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen identifying details end up on the dark web.’

Cybercriminals often find these scams appealing because a significant number of Australians tend to use a single password for their various accounts. These attacks demand minimal effort while promising a substantial reward.

One scam advertisement encourages potential buyers, highlighting that the majority of Australians possess a myGov account.

The simple instructions entail requesting login credentials and ensuring that the Australian Tax Office is linked to the target account.

‘Statistics show that people reuse passwords at least 50 [per cent] of the time, making it possible for scammers and hackers to use the stolen password to access other online services,’ Shorten said.

‘myGov is now the number one digital government service used by Australians, and Services Australia is working around the clock to counter scammers and hackers attacks.’

However, it is anticipated that operators offering ‘scam-in-a-box’ kits will persist in targeting myGov until the government completes its ongoing overhaul of the ID verification process, which is currently in its final stages.

‘The Albanese government is determined to disrupt malicious actors by bolstering online defences,’ Shorten added.

‘I am also working closely with my ministerial colleague, Senator Katy Gallagher, to establish a digital ID that will be a key line of defence against cybercrime when established.’

Last year, the government officially acknowledged its deliberation on the utilisation of myGov or its myGovID system to streamline digital identity verification, particularly in light of the Optus breach.

Optus, the Australian telecom company, suffered a data breach revealing personal information, such as passport and license numbers, home addresses for 2.8 million customers, and the birthdates, email addresses, and phone numbers of seven million customers.

You may read the full story here.

In August, the Australian Tax Office issued a cautionary advisory, urging individuals to exercise caution when encountering emails and text message scams that guide them to counterfeit myGov websites.

These deceptive messages commonly informed recipients of a purported tax refund or prompted them to verify their bank account, ultimately directing them to a fraudulent website.

The trade of sensitive identification data on the dark web has presented a persistent challenge over the years. In 2017, Guardian Australia brought attention to the sale of Medicare patient information, achieved through the ‘exploitation of a vulnerability’ within a government system.

Subsequently, in 2019, documented cases of dark web vendors providing Medicare details.

Key Takeaways

• Thousands of myGov accounts are being suspended monthly due to suspected breaches involving ‘scam-in-a-box’ kits sold on the dark web.
• These kits are used to create fake websites and launch phishing attacks on Centrelink, Australian Tax Office, and Medicare accounts, with over 4,500 confirmed cases of myGov scams this year.
• The Australian government is taking this issue seriously and is working towards disrupting cybercriminal activities.
• The government is in the process of overhauling its ID verification system to counter these scams and protect users’ sensitive information.

Members, what are your opinions regarding the government’s efforts to suspend fake myGov accounts, and what other steps do you believe both the government and the public should take to counter the spread of ‘scam-in-a-box’ kits on the dark web?

Share your thoughts in the comments below!

I have recently been a victim of the My Gov/ tax scam. My Tax returns had multiple amended tax returns put in . This was in Feb of this year. I received no notice from the ATO that this had occurred. I didn't know till I went to do my tax return and discovered that it was locked. Since then, my My Gov account has been shut down, my ATO, Centrelink and Medicare accounts locked. Police report done. It's a lot of work to change bank details, change emails, passwords, everything. It's also very scary and upsetting to think someone out there has all my identification details. Very worried member.

 

[Chicky]

Ohhhh,don’t get me started about the non English speakers. And before anyone starts,no,I’m not racially challenged in any way. I AM,however,very deaf and trying to understand some accents over the phone can be terribly difficult. Trying to explain without giving offence is also hard….and why the hell do I have to explain myself??? Just give me someone who speaks clearly! That’s all I want.

Totally 100% agree.

 

[beauravn]

The aust tax office doesn’t have an office in Argentina

You're right! I just checked and the closest Australian Tax Office to Argentina is in a place called the Cayman Islands!

 

[Geoff8]

I am one of the older members of this group & completely agree with you. I refuse to do any of my banking on line. It scares me no end at what could happen to my small savings if someone got access through the internet. As for waving my phone over some machine to pay for groceries etc. - heck NO. If I can't guarantee my security then I need cash or a cashcard (prefer cash) to pay for everything. I even have problems with everything needing to be done online rather than face to face in a bricks & mortar building. Why do they think it's easier that way? And now with so many companies using people whose first language is not English it makes it even harder as I can't understand them on the phone & so just hang up & hope for the best.

I agree wholeheartedly with you on that

 

[Littleboy8]

You're right! I just checked and the closest Australian Tax Office to Argentina is in a place called the Cayman Islands!

Ha ha

 

[Ronloby]

I never respond to any emails sent via government sources or anyone I don't know.
If it's centrelink or tax office I go straight to my gov and check if there is mail or I phone them

I just DELETE any email without a genuine website or someone I don't know.