← Back to BlogAustralian Scams

The MyGov Scam: How Fake Government Emails Fool Australians

The MyGov Scam: How Fake Government Emails Fool Australians

If there's one subject line guaranteed to make an Australian's pulse quicken, it's something involving the government and their finances. Scammers know this. Which is why fake myGov messages are perennially among the most successful phishing attacks in Australia.

What is the myGov scam?

The scam involves emails (and increasingly, SMS messages) that look like official communications from myGov — the Australian government's digital services portal that links Centrelink, Medicare, the ATO, and other services.

The messages typically:

  • Claim you have a refund waiting
  • Tell you your account has been locked or needs verification
  • Alert you to "unusual activity" on your account
  • Notify you of a new message or document requiring your attention

They include an urgent call to action and a link to what looks like the myGov login page — which is, of course, a fake designed to steal your credentials.

The real cost

MyGov credential theft can have cascading effects. Your myGov account connects to your Medicare details, your ATO tax records, your Centrelink account, and potentially your superannuation information. It's a treasure chest of personal data for identity theft.

How to spot a fake myGov message:

  1. myGov never includes links in emails. This is official policy. Real myGov notifications tell you to log in directly at my.gov.au — they do not include a clickable link.
  1. The email address is wrong. Legitimate myGov emails come from `@my.gov.au` domains. Anything else is suspicious.
  1. SMS messages from "myGov" asking you to click a link are scams. myGov uses SMS for verification codes only — not for links to log in.
  1. Your name is missing. If the message says "Dear Customer" instead of your actual name, it wasn't sent by an organisation that has your records.

What to do:

  • Don't click any link in an email claiming to be from myGov
  • Open your browser and go directly to `my.gov.au`
  • If there's actually a message or alert, you'll see it there
  • Forward suspicious myGov emails to `reportemailfraud@ato.gov.au`
  • Report SMS scams by forwarding to 7226

Remember: when in doubt, go direct.

The rule for any government service — myGov, ATO, Medicare — is simple: never use a link from an email. Always navigate directly to the website.

Train yourself to spot government impersonation scams at Phishbate →

Think you can spot a phish?

Put your knowledge to the test with the Phishbate interactive quiz. It only takes a few minutes.

Take the Quiz →