Centrelink Scam Alert: Fake Emails Steal myGov Credentials, IDs
Centrelink Scam Alert: Fake Emails Steal myGov Credentials

Scammers are sending phishing emails that impersonate Centrelink and the Australian Government's myGov service, aiming to steal login credentials, SMS codes, identity documents, and security answers, according to email security platform MailGuard.

How the Scam Works

The fraudulent emails urge recipients to “review your income and asset information” by a specific due date. Clicking the link directs users to a fake platform that mimics official Centrelink and myGov pages. Once users enter their username or email and password, an error message appears stating “the information you entered is incorrect. Please try to login again.” The attackers then ask for a mobile number to receive a one‑time code, potentially bypassing multi‑factor authentication.

Fake Branding and Red Flags

MailGuard noted that the emails closely resemble official Centrelink communications, using fake branding and language that appears legitimate. Warning signs include the sender address “noreply@edenrideapp.com,” which is unrelated to Centrelink, and phishing sites hosted on suspicious URLs that do not match the official myGov domain. The email link is an Amazon SES tracking URL that redirects to a non‑legitimate domain. Some fake prompts even request additional personal information such as driver’s licence and passport numbers.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

How to Stay Safe

“Recipients should be cautious of any unexpected review or verification emails, especially those that request sensitive information via embedded links,” MailGuard said. “Accessing myGov and other government services via known, bookmarked URLs or official apps, rather than email buttons, significantly reduces the risk of successful phishing attacks.”

Pickt after-article banner — collaborative shopping lists app with family illustration