MyGov Email Scam

This is a Covid-related scam which popped up in 2021 and is known to the Australian Tax Office. It is officially known as the MyGov Impersonation Email Scam, and it is perpetrated as follows.

You receive an email apparently from MyGov

  • The sender name is MyGovID

  • However, the sender email address in this case is zaryko@forexnews.bg, which is clearly not a Government email address

  • This is important because on a computer screen you can usually see the email address as well as the sender name

  • However on a smartphone you can often only see the sender name at first glance

  • The email offers a modest refund related to your tax refund

You are encouraged to log into a "Secure Form"

  • The link takes you to a form which is anything but secure!

  • So, you click on the link (which is bogus)

  • The link takes you to a very realistic MyGov page (which is also bogus)

  • The web page is an accurate reproduction (copy) of the genuine MyGov web page

  • The only indication that the page is not genuine is the web address

  • However most people look at the content of the web page rather than the (usually complex) web address

  • Which is why these scams work

The scammer receives your MyGov email address and password

  • They will immediately test the combination against your email login which might be their main intention

  • Or they will try and get into your MyGov account which contains a bunch of private identification

  • If they get into your mailbox they will attempt to steal money from you

  • If they get into your MyGov account then they can steal your identity and use that to defraud others

The email header

  • Clearly not an official email from the Government

  • Poor grammar in the subject line

The email body

  • They don't know who you are

  • The tax year ending date is not correct

  • Ironically, they are actually attempting to steal your identity!

  • The "Secure Form" is not secure

The "Secure Form" web address

  • Contains the expression MyGovID and au twice! Some may be reassured by this

  • However justns.ru is a Russian hosting site

Note the padlock symbol which denotes a Secure web page

  • Scammers are now using SSL certificates on web pages just like most companies around the world do

  • They rely on the legitimate "Connection is secure" status to make the web page itself appear secure

  • In reality, the connection to the web page is indeed secure, but that does not mean the content is secure

  • But you can see how easy it is to slide from there to the notion that the content is secure, when it clearly is not

The scam web page is a very accurate replica of the genuine MyGov web page

  • As above, the web address is clearly dodgy, but only if you notice it

  • The rest of the page is an exact replica; check out the genuine page here

  • All of the links on the page direct back to the same scam page so you can't get off the scam page easily

So, how do you protect yourself from this type of scam?

The genuine MyGov web page

  • Your web browser will try and highlight the domain name of the web page you are visiting

  • The domain will be ever so slightly more prominent and the prefix & suffix components of the address will be slightly less prominent

  • As you can see from this screenshot, you could hardly say the difference in font style is pronounced!

  • my.gov.au is clearly the genuine web page address, but only if you know it is the genuine web page address...

The fake MyGov web page

  • You will notice that the fake web page address does contain the expression MyGovID as part of the suffix which looks somewhat convincing

  • The /au/au as part of the suffix is also designed to convince you it is an Australian website

  • However, as you can see, the domain name is justns.ru, which is clearly not an Australian domain; it is in fact Russian

  • Note that the web page itself may not have been created by someone from Russia, that's just where it is hosted

  • It is even quite safe to browse to justns.ru; it looks like a genuine internet hosting business in Russia
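
The two checks described above (the real sender address rather than the sender name, and the domain name rather than the rest of the web address) can be written as a short Python script. This is an added example, not part of the original article: the full scam link is constructed from the pieces the article names, and treating anything under gov.au as trusted is an assumption.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: genuine government hosts and senders sit under gov.au
# (my.gov.au is the genuine address named in the article).
TRUSTED_SUFFIX = "gov.au"


def under_trusted_domain(host, suffix=TRUSTED_SUFFIX):
    """True only if host is the suffix itself or ends with '.' + suffix."""
    host = (host or "").rstrip(".").lower()
    return host == suffix or host.endswith("." + suffix)


def link_host(url):
    """Host the browser actually connects to; the path is ignored."""
    return urlsplit(url).hostname or ""


def sender_domain(from_header):
    """Domain of the real address; the display name is ignored."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def assess(from_header, url):
    """Report what the sender and link really point at."""
    domain, host = sender_domain(from_header), link_host(url)
    return {
        "sender_domain": domain,
        "sender_trusted": under_trusted_domain(domain),
        "link_host": host,
        "link_trusted": under_trusted_domain(host),
    }


# Sender name and address as given in the article.
SCAM_FROM = "MyGovID <zaryko@forexnews.bg>"
# Constructed sample: the article gives only the domain and the
# MyGovID and /au/au parts, not the full link.
SCAM_URL = "https://justns.ru/MyGovID/au/au"
GENUINE_URL = "https://my.gov.au/"

if __name__ == "__main__":
    print(assess(SCAM_FROM, SCAM_URL))
    print(link_host(GENUINE_URL), under_trusted_domain(link_host(GENUINE_URL)))
```

The reassuring words in the sender name and in the web address never reach the comparison; only forexnews.bg and justns.ru do, and both fail.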

The bottom line

  • Scam web pages are becoming ever more sophisticated

  • Make yourself aware of what genuine web page addresses look like

  • Check with someone you know personally before entering any information on any website if you are unsure

Contact us at Lincoln Computer Centre if you need additional information