Centrelink, ATO, Medicare accounts hacked through 'side entrance'

A new report has revealed that scammers are infiltrating Aussies’ Centrelink, Australian Taxation Office (ATO) and Medicare accounts by creating fake myGov accounts. Fraudsters then make false claims for Centrelink payments or bogus tax claims worth thousands.

The investigation into myGov fraud discovered scammers were accessing Aussies’ accounts through a process called “unauthorised linking”. This is where a genuine myGov customer’s service account account is linked with a fake myGov account created by a fraudster, without their knowledge.

Commonwealth Ombudsman Ian Anderson found myGov’s current security measures did not “adequately protect people” from their accounts being linked and exploited where there had been identity theft.

RELATED

• Aussie bank's incredible move after scammer conned small business out of $900,000

• Aussie jobs paying up to $200,000 with no uni degree: 'Crying out for people'

• Major $300 rebate update after millions miss out on cost-of-living support

It found current measures were more focused on stopping fraudsters getting into genuine accounts, rather than stopping them from taking a “side entrance” to accounts through unauthorised linking.

“People have told us about the stress and anxiety they experienced when their personal information was stolen, and fraud committed in their name,” Anderson said.

The report also found there were not enough security controls in place to ensure “high-risk transactions”, such as changing bank account details, were authorised by genuine customers.

“Given the volume and sensitivity of information held in member service accounts linked to myGov, robust protections to stop fraudsters gaining unauthorised access to myGov accounts are essential,” Anderson said.

Have you fallen victim to scam? Share your story with tamika.seeto@yahooinc.com

How are hackers getting into myGov accounts?

Fraudsters are using stolen personal information to access people's Centrelink, Medicare and ATO online accounts through myGov.

They can steal people’s identity through targeted attacks like the Optus and Medibank data breaches, phishing scams, buying someone’s information through the dark web, or stealing personal information through rubbish or mailboxes, the report said.

Once they have access to people’s myGov accounts, scammers submit false claims for Centrelink payments, advances or loans in their name, redirect government payments, and submit false tax returns to claim refunds.

People also reported being unable to access financial assistance, such as the Child Care Subsidy, due to fraudsters’ actions.

Services Australia responds

Services Australia has welcomed the report and confirmed it will action all recommendations made.

The report recommended changes to improve security controls for unauthorised linking and high-risk transactions, including controls like two-factor authentication.

It also recommended Services Australia establish formal processes for managing risks across the myGov ecosystem.

Services Australia general manager Hank Jongen said the organisation understood it can be stressful for people whose myGov or linked services were compromised by scammers.

"Maintaining the security of myGov and the protection of people’s personal information remains a top priority, and we’re committed to ongoing improvement," Jongen said in a statement to Yahoo Finance.

"Work is already underway to address the identified issues, as well as other security improvements to ensure myGov remains trusted, safe and secure."

Secure sign-in options including passkey, digital ID and two-factor authentication are already in place to protect people's accounts, Jongen said.

Services Australia also locks myGov accounts and sends security notifications to customers on potential unauthorised access.

Get the latest Yahoo Finance news - follow us on Facebook, LinkedIn and Instagram.