WARNING: myGov website cloned by scammers stealing login, bank account details

SCAMMERS have cloned Australia’s myGov website in an attempt to trick its users into revealing their login, security and bank account details.

The federal government’s StaySmartOnline service warns the scam involves a convincing ‘phishing’ email that looks to be from Medicare, and a fake MyGov payment website.

The email asks those who receive it to update their Electronic Funds Transfer (EFT) details in order to have their Medicare benefits and claims paid directly into their bank accounts.


The scam email (Source: StaySmartOnline)

But when recipients click on the link in the email, they are taken to a replica of the real myGov website.

There, they are prompted to enter their login details and provide a secrete security question and answer before being redirected to a fake Medicare website to input their bank account details.

The emails and fake websites feature Federal Government, myGov and Medicare design and branding, making them appear legitimate and difficult to detect.

The fake myGov website (Source: StaySmartOnline)

The fake Medicare website (Source: StaySmartOnline)

“Remember, clicking on the link and sharing your details gives these scammers access to your personal information, which they then use to steal your money and identity,” StaySmartOnline warns.

The email scam comes at a time when hundreds of thousands of Australian’s will be logging-in to the myGov website to lodge their tax returns using myTax.


  • Do not click on links in emails or text messages claiming to be from myGov or Medicare. myGov will never send you a text, email or attachment with hyperlinks or web addresses.
  • Don’t open messages if you don’t know the sender, or if you’re not expecting them.
  • Be suspicious of messages that aren’t addressed directly to you, or don’t use your correct name.
  • Login to your official myGov account by typing the web address into your browser, to check your inbox for any legitimate emails from Medicare.
  • You can also contact the organisation separately to check if they have sent the message.
  • You’ll note the website’s URL includes ‘.net’ instead of ‘.gov.au’, which is an indication the website is not a legitimate Australian Government domain.

If you are concerned that your personal information has been compromised and misused, you can contact Australia’s National Identity and Cyber Support Service, IDCare or use their free Cyber First Aid Kit.

If you have been a victim of a cybercrime such as fraud, report it to the Australian Cybercrime Online Reporting Network (ACORN).