In recent months, thousands of myGov accounts have faced suspension due to growing concerns that they've fallen victim to malicious "scam-in-a-box" kits available on the dark web.
These kits are becoming the go-to tools for creating counterfeit websites and gaining the specialized knowledge required to initiate phishing attacks on high-value targets, including Centrelink, the Australian Tax Office, and Medicare accounts.
Alarming Stats of myGov Scam
According to 9News, the year 2023 has witnessed more than 4,500 confirmed MyGov scams. Consequently, thousands of MyGov accounts are suspended every month as a preemptive measure against potential fraud.
The dangerous arsenal that the cybercriminal used comes in the form of nefarious kits equipped with security features. These enable the scammers to orchestrate multiple scams simultaneously. They can swiftly close down their operations to evade detection.
Some kits are even capable of identifying tech-savvy users, redirecting them to the official MyGov website. In many cases, the fraudulent websites they create are nearly indistinguishable from the legitimate ones.
Related Article : Google Calendar Can Now Be Hacked, Warns Google
Australian Government Expresses Concern
Government Services Minister Bill Shorten said that he is concerned about the recent scam that hit myGov website. According to the official, Australia has recorded a staggering $3.1 billion loss to the scams this 2023 alone.
Aside from the problem of hindering the hacks, he is also aware that phishing attacks are everywhere and people are at risk of getting their credentials stolen on the dark web.
One Password Fits All
These scams hold significant appeal for cybercriminals because a large portion of Australians use the same password for multiple accounts.
The attacks demand minimal effort and offer a high reward. For instance, some ads lure buyers by highlighting the fact that most Australians have a MyGov account. All they need to do is acquire login credentials and ensure the Australian Tax Office is linked to the account.
Shortens highlights the vulnerability associated with password reuse, as statistics reveal that people reuse passwords approximately 50% of the time. This provides scammers and hackers an opportunity to utilize stolen passwords to access other online services.
MyGov Resilience Effort
MyGov is currently the most widely used digital government service in Australia. Services Australia is committed to actively countering scammers and hacker attacks. Nevertheless, operators of "scam-in-a-box" are expected to persist in targeting MyGov accounts until the government completes its overhaul of identity verification processes.
Bill Shorten affirms the government's determination to disrupt malicious actors and enhance online defenses. He is collaborating with Senator Katy Gallagher to establish a digital ID system that will serve as a robust line of defense against cybercrime.
The History of Dark Web Sales
The sale of sensitive identification data on the dark web has been a concern for many years. In 2017, the sale of Medicare patient details was reported.
In 2019, dark web vendors offered Medicare details for a price, including fake Medicare cards and forged forms of identification such as New South Wales driver licenses, according to The Guardian.
As Australian authorities work diligently to strengthen their cybersecurity measures, the hope is that the menace of MyGov scams will soon be a thing of the past.