Beware of fake myGov emails and SMS messages
You are advised that fake emails and SMS messages claiming to be from the Australian Government Department of Human Services’ myGov website are targeting the community.
These fake messages seek to gather sensitive personal details from recipients and use them for malicious purposes.
Anyone who has received an SMS or email claiming to be from the Department of Human Services myGov and logged into their myGov account by accessing the link provided within, should contact the myGov helpdesk immediately on 13 23 07. People can also contact IDCare on 1300 432 273 for further advice and support.
The Department of Human Services does not include links in the SMS and email messages it sends to recipients. People should always log in by entering my.gov.au into their browser and check that https:// appears at the beginning of the address bar when you land on the site.
Fake myGov emails
The fake emails arrive with the subject line ‘Australian Government and myGov must verify your identity’ and appear to be designed to capture users’ myGov credentials and credit card information.
The links send recipients to fake forms that request the user input their myGov username and password, and their credit card number, expiration date and security code.
These fake forms incorporate myGov branding and design and appear authentic.
These emails appear to mirror the fake myGov emails that were the subject of an Alert from Stay Smart Online in February this year.
You are advised not to click on any links in these emails or submit any personal or financial details through any forms that these links may direct you to.
Fake myGov SMS
In addition, the Australian Communications and Media Authority (ACMA) has advised that a fake SMS claiming to be from myGov is in circulation.
The SMS campaign - apparently separate to the email campaign - aims to trick users into providing confidential personal identity information.
The fake SMS informs recipients in grammatically incorrect terminology that ‘incorrect details’ are ‘suspected’ in their accounts and demands that they upload correct documents.
The message then directs them to click on a link to a website that asks them to take a photo of documents such as passports or drivers’ licences and then upload these photos through the website.
You are advised not to click on any links in these emails or SMS messages, or submit any personal or financial details through any forms that these links may direct you to.
If you have supplied personal or financial information via this scam email or SMS, and any associated web pages and forms, immediately inform the organisations that provide services associated with your information.
These organisations may include your financial services providers (particularly banks); the Australian Passport Office; and the state government body responsible for drivers' licences in your state or territory.
They will advise you of the next steps you should take to protect your information.
Stay Smart Online recommends you do not open emails from unknown senders and that you be wary of unexpected emails.
If you are unsure about whether an email is legitimate, contact the organisation, department or individual that it purports to come from, using a number you have independently located on a website, phonebook or bill, before opening the message.
If your computer has been compromised, you can report the incident to the Australian Cybercrime Online Reporting Network (ACORN).
ACORN provides information on how to recognise and avoid common forms of cybercrime, such as hacking, online scams, online fraud, identity theft, attacks on computer systems and illegal or prohibited content, as well as offering advice to those who have fallen victim.
ACORN makes it easier and more convenient to report cybercrime to a law enforcement agency.
For more information about protecting yourself from fraudulent emails, see Protecting your email
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.