Australia’s myGov Digital ID Scam Losses Reach $2 Billion

Financial Loss from Australia’s myGov Digital ID system has reached $2 billion (AUS $3.1 billion), within this year alone.

More than 4500 MyGov scam cases have been identified this year, leading to the suspension of thousands of accounts every month over fraud concerns, reported the Guardian.

The authorities are suspending thousands of MyGov accounts every month, suspecting that they have been hacked by the use of “scam-in-a-box” fraud kits marketed by criminals on the dark web. These fraud kits facilitated the creation of counterfeit websites and provided the specified knowledge to conduct phishing attacks against Centrelink, the Australian Tax Office, and Medicare accounts.

Bill Shorten, the government service minister, reportedly said, “These fake sites and criminal gimmicks like ‘scams in a box’ trick our citizens into giving criminals their user. ID and passwords”.

In certain instances, the kits are equipped with security measures, allowing the criminals to execute multiple scams at the same time and then swiftly shut down them to prevent detection.

MyGov is a digital platform used by the residents of Australia to access government services. The scammers have been using texts and emails to mislead their target into believing that they have tax refunds or requesting bank account verification, directing them to fake websites.

The fraudsters mostly favor this type of fraud, because there is a 50% possibility that people will reuse their passwords, giving scammers the chance to access multiple online services.

In August, The Australian Tax Office alerted the public against clicking links within emails and texts that pretend to be from myGov website.

Bill Shorten said, “The problem with these hacks, and the proliferation of phishing scams we now see, is that increasing amounts of stolen identifying details end up on the dark web”.

How the Government plans to prevent cyber attacks by using ID verification?

Bill Shorten said that the government is finalizing the enhancement in the ID verification process to prevent cyberattacks related to the MyGov platform.

The country is deliberating on a proposed law to regulate ID verification services. The government of Anthony Albanese is focused on enhancing cybersecurity infrastructure in the country.

Moreover, the government is aimed at developing a digital ID system as a key defense against cyber attacks. The momentum for this initiative in response to the Optus breach led to the incorporation of digital identity verification into platforms such as MyGOv, or MyGovID.

Optus is an Australian telecommunications company providing services to more than 10 million customers on a daily basis. In September 2022, the Optus data breach resulted in the exposure of confidential information including passport, driver’s license, and medicare data of more than 100,000 Optus clients on the internet.

ID verification is crucial in combating fraud and identity theft and must be part of regulation in various sectors including government departments and businesses. Recently, The Albanese government has been under scrutiny for lacking the implementation of a legal framework in the biometric identity verification process. The government is facing scrutiny for hundreds of millions of possible illegal identity checks. Despite the lack of legislation, the service continued to operate.

Nevertheless, the Law Council of Australia has raised alarms over unregulated facial recognition services like Clearview AI, which are not covered by the new bill.