Alert Priority High
9 February 2017

You are advised to delete a fake email that claims to be from the Australian Government and its myGov website.

This email is a phishing scam designed to capture your personal and banking information that may then be used for fraud, identity theft and other unwanted activities.

The phishing email includes links to fake web forms and pages that try to trick you into providing information such as your drivers' licence and passport details. These forms and pages also ask you to supply your bank account details.

The scam email purports to come from myGov. However, the fake 'sender' address incorporates terms such as 'bashsummit' and 'esseaservizi' that do not correspond with any legitimate myGov or Australian Government email addresses. 

The subject line of the fake email is 'Australian Government and myGov must verify your identity!'

The email body text reads:

'This is a notification email only. Please do not reply to this email as this mailbox is not monitored.

'This is a message from the myGov Team.

'Australian Government and myGov must verify your identity - (Part 4.2, paragraph 4.2.13 of the AML/CTF Rules).

'Click go to myGov and start the verification process.

'Thank you

'Message reference: WP571'

You are advised not to click any links in the scam email as these direct you to forms designed to capture personally identifying information such as photocopies of passports and drivers' licences, as well as your bank account details.

These fake forms and pages feature myGov design and branding, making them appear legitimate. They may even provide you with a one-time PIN as part of the process of capturing your account details.

Staying safe

If you have supplied your personal or financial information via this scam email and associated web pages and forms, immediately inform:

  • Your financial services providers (particularly banks)
  • The Australian Passport Office
  • The state government body responsible for drivers' licences in your state or territory.

They will advise you of the next steps you should take to protect your information.

Stay Smart Online recommends you do not open emails from unknown senders and that you be wary of unexpected emails.

If you are unsure about whether an email is legitimate, contact the organisation, department or individual that it purports to come from, using a number you have independently located on a website, phonebook or bill, before opening the message.

More information

For more information about protecting yourself from fraudulent emails, visit the protecting your email page.

Information for this Alert has been provided by CERT Australia and AusCERT.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.