Australians will no longer have to remember their username and password to access government services online as part of an overhaul to stop billions of dollars being lost to scammers.
Earlier this week, the federal government revealed thousands of myGov accounts were being suspended each month out of concern they’d been breached by “scam-in-a-box” kits being sold by criminals on the dark web.
Australians have already lost $3.1bn to scams this year and myGov – which hosts Centrelink, Australian Tax Office and Medicare data – is an attractive target for criminals looking to steal sensitive information.
Next year, the government will introduce passkeys such as face or fingerprint recognition instead of usernames and passwords, making it much harder for scammers to gain access.
“Passkeys will be introduced to bring myGov further into the 21st century, allowing Australians the ability to use biometric options such as facial recognition to access the site,” the government services minister, Bill Shorten, said in a statement.
“These important sign-in alternatives are familiar to many Australians, and are a key safeguard against scammers who use phishing tactics to harvest personal information like people’s date of birth to fraudulently access accounts.”
Government sources believe people reuse their passwords at least 50% of the time, which makes it possible for scammers and hackers to use the stolen password to access other online accounts.
The scam-in-a-box products are used to create fake websites and provide the specialist knowledge required to launch phishing attacks on Centrelink, Australian Tax Office and Medicare accounts.
In some cases, the kits come with security controls and allow criminals to run multiple scams at once, before quickly closing them to avoid detection.
Some can identify when they’re dealing with more IT-savvy users, and direct them to the official myGov website. Many fake websites are almost identical to the real version.
One ad tells buyers that most Australians have a myGov account and that all you have to do is ask for login details and make sure the Australian Tax Office is linked to their account.
Shorten also announced a new advisory group would be formed to ensure myGov puts customers first. The group, which was recommended by a user audit of the service, will be led by the former NSW minister for customer service and digital government Victor Dominello.
Other panel members include the former human rights commissioner Ed Santow; the executive director at The Ethics Centre, Simon Longstaff, and the Victorian secretary of the Community and Public Sector Union, Karen Batt.
“The other committee members bring strong, balanced and wide ranging insights across fields such as governance, service delivery ethics, use of technology in digital service delivery and advocacy for both customers and service delivery staff.”
In August, the Australian Tax Office warned people against clicking on emails and text message scams that direct people to fake myGov websites.
These emails and texts often told people they were owed a tax refund, or that they needed to confirm their bank account, and directed them to a fake website.
“We’re receiving an increased number of reports about several ATO impersonation SMS and email scams,” an ATO spokesperson said.