Hacking, MyGov etc, beware
Some general "beware" info, which has left me somewhat astonished.
The Commonwealth Gov posturing and lecturing on the Optus and Medibank data breaches seemed to me quite timely and a good thing, until I discovered the following over the last few weeks.
The hypocracy is quite astounding I think.
Note this is not intended as a sounding board for BlueK to pontificate on, its a general warning every tax payer who is compelled to use these systems.
Its probably best to remove the links to ATO, MyHealth etc and put them back when you actually need them next
MyGov have no interest in investigating either how someone was able to access MyGov without the MyGovID code from my phone, or why they did not inform either me or ATO that access had been successful
- 14/12/22. Received text from ATO that my details had been changed via MyGov and to phone 132861 if it wasn’t me. I had not been on MyGov for several months.
Also tried to contact my accountant but they were closed. - From that point to the 3rd Jan I tried to contact ATO without success, “too busy call later” etc and they are closed Xmas to New Year.
- 27/12/22 Checked MyGov to find it was “permanently locked” and I should open a new one, I started this process.
Spoke to MyGov helpline who told me there had been suspicious activity on my account, I asked why they did not inform me and they said “they don’t do that as it happens too many times”. - Once ATO opened, after an hour on hold I spoke to them and they said they did not send that text. After I insisted it looked genuine, they looked further and conceded they did in fact send it.
Had I not insisted, I would have been unaware of any of this until lodging my real Tax Return.
We then discovered that;
-a tax return had been submitted noting a $35K donation to boost it on the 13th Dec
-My accountant had been removed as my agent
-an ANZ bank account added as recipient (I have this account number)
-some other details changed. - While going thru the reporting process to ATO I was given two 13-digit reference numbers and several other references, I asked for all details to be emailed and they simply will not send or accept ANY emails even without personal details on, hence I have no written record that I have reported it for any claims on insurance.
They said they were blocking my accounts and I’d need to request access for 48hrs (as well as my accountant), I asked how long for and was told “probably forever”
This is patently untrue as I had reported to them I was included in the Svitzer/Maersk data breach a few years back and yet here we are again? - I contacted MyGov again and asked;
-Did you notify ATO of this breach? “No we don’t do that”.
-What other services of mine were accessed via MyGov? “We don’t give out that information”
-How do I submit a written complaint or feedback about MyGov? “Umm there is no way to do this”.
-What are my rights if my money is taken and not recoverable due to your data breach? "we should be able to get it back" (yeah right...) - ATO also told me that Bank Account must be in my name, or they would not pay the refund into it (I don’t believe this is actually correct as refunds get paid into all sorts of accounts of Tax Agents etc)
Obviously this would very concerning as it would mean they have 100 points of my ID to open the account. - I contacted ANZ to report that the account may be in my name but even if it wasn’t, it was being used for fraud.
They would give no help, were not interested in that account at all, would not take its details and said there was no action they would take as I had not lost any money-yet… - I lodged a request with IDCARE which said they would contact me “shortly”-took 2 days to respond.
- I placed a ban on my Credit Report
- I checked my ATO account 4 hours after reporting all this, the account was still open, refund “pending”, fake account details in there, no changes made.
So I called them again and escalated it, then it was blocked.
Accountant changed the bank account back to my own, in hindsight we should have left it but I have recorded this number.
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
Shark1
Posts: 1086
Date Joined: 21/05/12
F%^King SHOCKING!
F%^King SHOCKING!
lastcast
Posts: 215
Date Joined: 04/04/13
myGov
It is shocking.
Would the ombudsman be any help at all here ?
An example of why I do not have a 'mygov' account and never will.
Jamie-Chester
Posts: 116
Date Joined: 28/07/10
You will be forced at one
You will be forced at one point. This story is horrendous. And yet we keep getting coerced into more and more digital id shit.
Jackfrost80
Posts: 8140
Date Joined: 07/05/12
Holy shit, must be causing
Holy shit, must be causing you some very much undue stress.
Just out of interest, did you download and link Mygov through that SafeWA app?
Officially off the Pies bandwagon
Rob H
Posts: 5795
Date Joined: 18/01/12
no i didnt, its the MyGovID
no i didnt, its the MyGovID which generates a 4 digit code on iphone before allowing access on desktop.
In theory it shouldnt be accessable except by my fingerprint or passcode.
Someone may correct me but I dont think any modern iphone has actually ever been hacked (as opposed to inadvertant compromise of passcodes etc)
Even FBI was trying to force Apple to unlock one a couple of years back on an investigation.
I would be very curious to know how they got in especially if it WAS thru my oversight (I don't discount it) but you'd expect MyGov would both have a record of how access was gained and be keen to school me if it was my error.
But they have no apparent interest, nor ANZ.
Sent the above to my local federal member who has sent it on to a Parliamentary Committee who may provide an answer in between slurping on the trough haha
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
Jackfrost80
Posts: 8140
Date Joined: 07/05/12
It's the only way you'll get
It's the only way you'll get an traction and the answer will be interesting.
I had an issue with Centrelink after my 2nd kid, they lost the birth certificate copy and were going to leave us 12 weeks with no back paid parental leave. 2x 2hr plus phone calls on waiting only to get cut off twice. I rang the Minister's office and it was sorted in 24 hrs. I feel sorry for anyone who has to deal with them regularly.
Officially off the Pies bandwagon
uncle
Posts: 9474
Date Joined: 10/02/07
Keep a copy of everything you give
them and every thing they give you
all aggressive fish love bigjohnsjigs
Shark1
Posts: 1086
Date Joined: 21/05/12
is this not a current affair
is this not a current affair topic- reckon they would love to hear about it
Rob H
Posts: 5795
Date Joined: 18/01/12
.
Sent it thru to 4Corners
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
Rob H
Posts: 5795
Date Joined: 18/01/12
.
.
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
Rob H
Posts: 5795
Date Joined: 18/01/12
.
Probably my number one issues are that;
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
Shark1
Posts: 1086
Date Joined: 21/05/12
the Israelis are known to be
the Israelis are known to be able to hack iphone etc.
and was how the FBI got data of the phone u talk about Rob
really think U need to contact the media
the stink will probably lead to action -speedily , where as question in parliament will be a -"I dont know and will get back to you" or this is a federal matter - with no action
for ATO to not be aware they send an email is scary - there is an ATO scam going around which looks legit, one would expect them to take this matter very seriously
as per your sig
the ATO is probably just winging it ;p
Rob H
Posts: 5795
Date Joined: 18/01/12
wasnt an email, it was a
wasnt an email, it was a text.
Genuine as far I could see as it had no links only the 13 number for ATO.
We have had an uncountable number of the texts, landline messages and emails almost all are laughably amateur but obviously have a percentage of success still.
Closed off our landline as it was all that came thru on it
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
still trying
Posts: 1048
Date Joined: 27/06/17
Wouldn't surprise me if
Wouldn't surprise me if mygov etc would have the worst data security going around , I don't think they understand the internet look at the census debacle what did they think was going to happen.
rather be fishing
sea-kem
Posts: 14960
Date Joined: 30/11/09
And as usual just a total
And as usual just a total lack of goverment departmental care, all on a decent salary with no respsonsibility.
I had a call from the tax offie a few years ago.
He wanted my details before he would proceed, I said I wouldn't until he verified himself. I told him there's all sorts of phone scams so he wouldn't be getting any of my personal info.
It became a jousting match until he finally gave me a clue as to what the call was regarding then I knew it was legit.
I actually told him my accountant was handling the problem as it was regarding my super.
When I rang her she said the incompetant clowns were meant to be dealing directly through her.
As it was it was a tax office balls up anyway, gives you great confidence ....not.
And let's not mention Robodebt, there are poor souls who commited suicide over that cluster fuck
Sorry to hear you've had to waste your time dealing with this crap Rob, it just shouldn't happen.
Love the West!
lastcast
Posts: 215
Date Joined: 04/04/13
ATO shenanigans
Here's one, I had to call the ATO up about something, finally got through.
A brief conversation (I had not identified myself) then was told 'your voice will be recorded to create a biometric print'.
I objected to this and asked them if they would continue recording and or keep the recording that they had already made.
The answer was, incredibly, 'to stop recording or do destroy the recording that we have already made, we will need to know your TFN and DoB'.
Now .. why would that be ? Perhaps needless to say I hung up.
I'm happy to pay my tax as they become due, but not to be subjected to such deceitful surveillance.
Bodgy 79
Posts: 285
Date Joined: 04/08/22
Good on you for calling them
Good on you for calling them out Rob,should be more of it.
The whole system seems a bit shagged imo,had to link Medicare to myGov to claim for a scan I had and what a frustrating exercise.Fuckn passwords,incorrect info,no help over the phone just all ya normal digital fuck around that a simple envelope in the post could suffice in 1/4 of the time.More efficient my ass,3 weeks to get me $500 back.Makes me wonder how the elderly get on with this shit let alone the 500 crackers they would be short for the month
Moondog
Posts: 131
Date Joined: 25/06/18
Keep up with the QR code's
Keep up with the QR code's and vaccine passports boys. Same blokes trusting the government with the jab now are bagging the government with myGov! Hahaha. Had to get away from the chat for a few months then this pops up! Funny stuff
Bodgy 79
Posts: 285
Date Joined: 04/08/22
So why run ya mouth about
So why run ya mouth about people you don't even know or there personal circumstances?Totaly different topic being the security of personal information & the ato ect
still trying
Posts: 1048
Date Joined: 27/06/17
What does mygov have to do
What does mygov have to do with covid? Put your alfoil hat back on dickhead. They are watching us!!!!! Haha
rather be fishing
Jackfrost80
Posts: 8140
Date Joined: 07/05/12
Like clockwork, Moonunit
Like clockwork, Moonunit reappears on a full moon. The moon's gravitational pull must have upset the frequency of his tin foil hat antenna?
Officially off the Pies bandwagon
sea-kem
Posts: 14960
Date Joined: 30/11/09
This comment makes you look
This comment makes you look like the bell end you are.
Love the West!
Jamie-Chester
Posts: 116
Date Joined: 28/07/10
Nothing to do with covid
Nothing to do with covid directly. But plenty to do with the digital surveillance involving data collection via qr codes and covid safe app etc.
marble
Posts: 775
Date Joined: 03/09/09
Bla bla bla . Every chance
Bla bla bla . Every chance to push your little agenda . Go for it champ
PMY 25 Centre Console DF300 Suzuki
Rob H
Posts: 5795
Date Joined: 18/01/12
Nothing further to add,
Nothing further to add, until I get something back.
Had a message from local MP that ATO was now investigating it, we will quickly see how thoroughly if they pick up that my accountant changed the recipient account details between reporting and locking of the ATO account.
It is really the MyGov side that needs looking at though, whether it was my mistake or theirs I need to know how otherwise the door is still open.
I'm wondering whether a new MyGov was made in my name then linked up to ATO but you'd think alarm bells would ring.
My surname is not Smith or Jones-there is nobody else in the world with my given/surname and only my family here, NZ and a couple in Belgium with my surname.
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
marrisy
Posts: 201
Date Joined: 08/09/11
Not just myGov
Dot keep stuffing me around. There's 5 people with the same first and last name as me in Australia, it's now over a dozen times the registration for different vehicles has been sent to the wrong one of us, discovered I had paid for a trailer registration for some one else, for nearly 5 years, for several years got my renewal already paid for the cat, then a phone call telling me that my boat rego number had to be changed because it had been issued twice, but I didn't have to back pay. Nice.
Got hit up for child maintainance for two kids, that wasn't fun. Bloke had same first and last name , my second name starts with H, his with A, his And my H did look similar and the signatures were similar, guess I have had an interesting life.
Child support sorted it in the finish.
BlueKiaser
Posts: 422
Date Joined: 22/04/15
Seems to be a known security issue
Your story Rob appears to be the same as this reported a few weeks back;
www.abc.net.au/news/2022-12-18/ato-tax-hacked-via-mygov-services-australia-exploit/101781656
"Services Australia told ABC Investigations it had analysed Sue's genuine myGov account and found it had never been hacked and all fraudulent activity had originated from the fake one."
And sadly from what I can see in that article and from other searches around the internet, our government services are not too keen to explain exactly how they are allowing fake mygov profile accounts to be established and then linked to the ATO without proper warnings and triggers.
And my apologies if that was too much pontificating for your liking.
Rob H
Posts: 5795
Date Joined: 18/01/12
Thanks mate, that looks to
Thanks mate, that looks to be exactly what happened as the text referred to a "new link to MyGov" being created.
The hole is in MyGov exactly as I thought, been looking deep into it over last few days.
Interesting still that MyGov MUST have known it was connected to me as the "permanently locked" my original account.
Kudos to ATO for actually sending such a text, brickbats for not providing a viable way to report it nor even acting on it when it was reported.
The positive thing is they neither hacked my phone or emails or bank accounts as they dont have 100pts of ID, but thats not to say they cant dig it out.
Look up "pontificating" if you need to, for the meaning
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
BlueKiaser
Posts: 422
Date Joined: 22/04/15
fueled by the mob
There was no need for you to put the jab about me in your opening post yet you did.
Most likely once again fueld by your comfort of being part of the mob ... something I am all too accustomed to within these forums.
I respond to your mob provoked jab about "pontificate" in my typical fashion, while producing actual information on the topic of the thread.
And then you still appear to feel the need to accuse me of not knowing what pontificate means.
I apologised for my pontificating, given I used opinionated words such as sadly and judgemental words about Services Australia in my response and given your loose application of the word pontificate towards me (when I have documented history of consistantly posting opinions backed by research and posts stating they are just my beliefs while restraining from telling people what they should or should not do with their medical choices, other than become more informed).
I will not respond again in this thread, because it will only continue to take the discussion further away from the very good topic you have raised ... something that could have easily have been done without the character attack on me.
Rob H
Posts: 5795
Date Joined: 18/01/12
Roger
Roger.
If you care to look back you'd notice I barely commented on the earlier threads (aka platforms, soapbox?).
I don't recall ever even proffering whether I had the jab or not, but you have labelled me as "Most likely once again fueld by your comfort of being part of the mob"
without even knowing if I'm part of the "mob"
Thank you for volunteering to avoid diatribe here, accepted gracefully.
Your contribution here was very valuable as it was the key to the whole event, thanks again.
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
Billcollector
Posts: 2080
Date Joined: 16/05/09
Happy new year bk......
Happy new year bk...... Still a flog
little johnny
Posts: 5355
Date Joined: 04/12/11
Rob it is weird my wife
Received email from myGov last week. About receiving a payment owing her money. She deleted it .then I opened your post . Should have looked I suppose
Rob H
Posts: 5795
Date Joined: 18/01/12
Hey LJ, with MyGov they dont
Hey LJ, with MyGov they dont send you any notification so guaranteed fake.
ATO-only a text and mine had no links, only the correct 13 number so I had 95% confidence it was genuine
Give a man a mask, and he'll show you his true face...
The older you get the more you realize that no one has a f++king clue what they're doing.
Everyone's just winging it.
davewillo
Posts: 2391
Date Joined: 08/09/16
The whole thing sounds
The whole thing sounds appalling Rob. Having to prise that information out of myGov and the ATO is ridiculous.
Funny thing though - I had an issue with ATO/myGov a while back and one phonecall had it sorted in no time. I was amazed as I thought it would take a lot of calls and time to resolve. Probably the only time I've been happy the service and process of dealing with a government issue!
PGFC member and lure tragic