Pages

Monday, December 09, 2024

The cunning tricks hackers used to steal Perth man Jeff Pollard’s Centrelink age pension

 Without a moral framework, there is nothing left but immediate self-indulgence by some and the path of least resistance by others. Neither can sustain a free society.

Thomas Sowell


Retired University of Western Australia employee Jeff Pollard is no fool when it comes to online safety. But even the security-savvy can get caught.
It started with an email purportedly from myGov, with a message that he had a notification from Centrelink.
“I had been providing some requested information, so thought it was a follow-up to that and I simply clicked the link in the email,” Mr Pollard said.
The link opened a perfect replica of the myGov website and he entered his login details, including his password. As expected, he received an SMS message with a six-digit security code.
Codes sent via SMS are an extra level of security as part of “two-factor authentication” protocols which attempt to provide greater protection against scammers.
It’s likely that as Mr Pollard was entering the legitimate number on the fake site, the scammers were entering it on the actual myGov site, and logging in using his details.


The site then asked him to set up some security questions and also to send a scanned copy of the front and back of his driver’s licence.
“At this point, it seems they had everything they needed to hijack my identity completely,” Mr Pollard said.
“I remember seeing messages about a new device and passkeys being set up, but just thought this was in response to my earlier exchanges with Centrelink.”
Fortunately, the next series of text messages raised his suspicions.
“After doing this I received a notification telling me that I was due a tax refund and it would be paid into my bank account, which they had. I was suspicious and contacted the Australian Taxation Office, which put my tax details on a security watch,” he said
But reporting the suspicious activity does not seem to have been passed on to other government agencies connected to Mr Pollard’s myGov account. Things only got worse from there.
“I did not receive my age pension on the normal date,” he said.
“I looked at my payment history and found out that some payments had gone to suspicious bank accounts, including an advance of $1200.”
Mr Pollard contacted Centrelink again, and it locked the account. Within a few days, his missed payment had been made, and Centrelink is now investigating the fraud.
He said most of the ordeal could have been avoided if he had followed the golden rule for avoiding scams.
“Never click on a link unless you genuinely know it is legitimate and have spoken to someone first,” he said.
“From now on, I will always type in the name of the website on my computer. That, really, is the only way I know the website is the real thing.”
Nick Bruining is an independent financial adviser and a member of the Certified Independent Financial Advisers Association

West Australians using the myGov service have been warned to remain alert following a sharp rise in identity theft, with the data pinched being used to redirect pension payments to scammers’ accounts.
MyGov is the Federal Government’s online portal that allows people to link their account to critical government services. These include Centrelink, the Australian Taxation Office, My Aged Care, and Medicare.
Financial advisers specialising in retirement have reported an increase in scammer activity, but say they are well positioned to alert clients if their accounts have been compromised.
Services Australia general manager Hank Jongen said phishing sites were the most common way for scammers to steal identification data.
“If someone clicks on a link to a phishing website and enters their details, the scammer can use that to sign into their real myGov account and access linked member services,” Mr Jongen said.
This then allows the criminals to redirect payments, make additional claims, and even make use of cash-advance services available to some income support customers.
It is important to note the myGov website and the data held by the various agencies has not been compromised in any way.
Independent financial planner James Robinson, who specialises in retirement advice, said he had received a number of calls from clients about bogus payments.
“There’s a notification of some special Centrelink payment they’re entitled to and they then provide basic details,” Mr Robinson said.
“While there’s no immediate risk, the scammers now have your email address and the knowledge that you might be vulnerable to future approaches.”
Where a client has appointed a financial adviser or other person as a correspondence nominee for Centrelink purposes, a change in any arrangements — including the cessation or appointment of new nominees — triggers a letter to the correspondence nominee.
“We get notified of the change and when we’re not aware of it coming, we make a call to the client to see what’s going on. In many cases, it’s the first they’ve heard of it,” Mr Robinson said.
Mr Jongen said there were some basic precautions people should take, including ignoring links in texts or emails, no matter how official they looked.
“Services Australia, including myGov, won’t ever send you a text message or email with a link asking you to sign into myGov or share your personal information,” he said.
Mr Jongen advised people always to type in the name of the site they intended to visit — such as my.gov.au — to be certain it was the genuine website and not a fake.
Some of the fake sites look very real and can even fool someone who is a regular visitor to the myGov site.
Similarly, fake Centrelink or other government posts will sometimes appear on platforms like Facebook, X and Instagram.
Centrelink will never engage with you on Facebook, Messenger, WhatsApp or by other communication methods.
Users can also improve their online protection by using passkeys instead of passwords, and two-factor authentication, where myGov sends you a code or PIN number via your phone.
“But remember, Centrelink staff will never ask you to read that code to them or ask for your secret questions and answers,” Mr Jongen said.
“In fact, it is probably a good sign that you are being scammed right at that moment if you’re asked to provide your two-factor authentication to anyone. Hang up immediately.”
Nick Bruining is an independent financial adviser and a member of the Certified Independent Financial Advisers Association