Centrelink Issues Urgent Warning After 270,000 Australians Targeted in Email Attack Linked to Medicare, Super and Tax Benefits

A major cyber incident has prompted Centrelink to issue an urgent nationwide warning after more than 270,000 Australians were targeted in a sophisticated email attack designed to steal personal details linked to Medicare, superannuation and tax benefits. The scam, which security experts say is one of the largest coordinated phishing attempts seen in Australia in recent years, is already causing widespread concern among vulnerable recipients. In Penrith, 58-year-old carer Linda Moretti said the email she received “looked so real I almost clicked it — it even had my correct Centrelink payment date”.

The federal government has activated emergency security protocols and is urging Australians to check their myGov accounts, change passwords and avoid clicking any links in suspicious messages. Officials say the emails were crafted to mimic legitimate government correspondence and were designed to harvest login credentials and financial information.

What’s Happening in the New Email Attack

• More than 270,000 Australians received fraudulent emails impersonating Centrelink, Medicare or the Australian Taxation Office.
• Scammers used cloned myGov branding, fake payment notices and false refund alerts to lure people into entering personal details.
• Several victims have already reported unauthorised attempts to access their super funds and bank-linked government payments.
• The scam messages falsely claim payment delays, Medicare suspensions or tax refunds to create urgency.
• myGov and Services Australia have confirmed no internal systems were breached, but scammers used publicly accessible data to personalise emails.

Real Stories Behind the Incident

Gold Coast pensioner Trevor Mills said he received a message claiming his Age Pension had been suspended due to a “failed identity verification”. “It scared me. I rely on that payment. If my daughter hadn’t checked it for me, I might have lost everything,” he said.

Melbourne hospitality worker Jenna Tran said she clicked the link before realising something was wrong. “The page loaded slowly and asked for my driver’s licence. That’s when I backed out. I felt sick knowing how close I came,” she said.

Government Statements

A Services Australia spokesperson said the agency is treating the incident as a critical threat. “These emails are highly sophisticated and designed to mimic official notifications. We’re urging all Australians to be extremely cautious and to verify any message through the official myGov portal,” they said.

The Australian Cyber Security Centre (ACSC) added that the attack highlights the growing risk of large-scale identity theft. “Cybercriminals continue to evolve. Australians must stay vigilant, especially when receiving messages about payments or benefits,” an ACSC representative said.

Analysis and Data Insight

Cybercrime targeting government benefits has surged by more than 30 percent over the past two years, according to federal data. Scammers increasingly use AI-generated messages and cloned websites to bypass traditional security filters.

The 270,000-email incident appears to be a coordinated credential-harvesting campaign, with attackers aiming to access:

• Bank-linked Centrelink payments
• Medicare records
• myGov login details
• Superannuation funds
• Tax file numbers and refund information

Once accessed, criminals can redirect payments, file fraudulent tax claims or attempt super withdrawals.

Comparison Table: Legitimate vs Scam Emails

Feature	Legitimate myGov Email	Scam Email Characteristics
Sender Address	Ends with .gov.au	Often similar but not exact
Links	Directs to my.gov.au only	Redirects to lookalike website
Personal Details	Never asks for ID via email	Requests licences, bank info, TFNs
Urgency	General notifications	Threats of suspension or delays
Formatting	Consistent branding	Slight colour or spacing errors

What You Should Know

Australians who receive suspicious messages should take the following steps:

• Do not click links — instead log in directly via my.gov.au.
• Change your myGov password immediately if you interacted with the email.
• Enable two-factor authentication to protect your account.
• Check bank accounts, super funds and Centrelink notices for unusual activity.
• Report suspicious messages to Scamwatch and the ACSC.

Q&A Section

1. Was myGov hacked?
   No, government systems were not breached; scammers imitated official emails.
2. How did scammers get my details?
   Many details come from public records, data leaks or social media.
3. What if I clicked the link?
   Change your myGov password immediately and monitor your accounts.
4. Can scammers access my payments?
   Yes, if they obtain your login credentials.
5. Will Centrelink contact people by email?
   Yes, but they never include clickable login links.
6. How do I check if an email is real?
   Log in manually to your myGov account — never through the email.
7. Will Services Australia reimburse stolen funds?
   Cases are assessed individually, but recovery is often limited.
8. What signs indicate fraud?
   Requests for ID, threats of suspension, urgent refund prompts.
9. Does two-factor authentication help?
   Yes, it significantly reduces the risk of unauthorised access.
10. Can Medicare or ATO accounts be affected too?
    Yes, if scammers gain entry through myGov.
11. Should I change my bank password?
    Only if you entered banking details on a scam site.
12. Will the scammers be tracked?
    Investigations are underway, but operations are often overseas.
13. How do I report suspicious emails?
    Forward them to Scamwatch or ACSC’s reporting service.
14. Are seniors more at risk?
    Yes, pension-linked scams target older Australians at higher rates.
15. Will Centrelink issue more security updates?
    Yes, further alerts will be released as investigations continue.