You have 0 free articles left this month.
Register for a free account to access unlimited free content.
accountants daily logo

8 Malaysians arrested over alleged myGov phishing kits


An international operation found templates and scripts mimicking government websites were allegedly being offered to cyber criminals to harvest personal data.

By Philip King 12 minute read

Eight people have been arrested in Malaysia for allegedly developing phishing kits that target myGov and other Australian government websites following a tip-off by the AFP.

The AFP said its cyber crime centre had detected a Malaysian national who was advertising the phishing kits, which contained templates and scripts replicating Australian government sites including myGov.

The kits, which also covered US and Malaysian government websites, were allegedly being run on a “bulletproof” host server and sold to cyber criminals trying to steal personal data.


In a separate investigation, the FBI linked the hosting service to an alleged organised criminal syndicate and further enquiries located a Malaysian technology park that housed the servers and hardware.

Malaysian police arrested a Borneo man following a search of his home which found large numbers of usernames, passwords and cryptocurrency wallet seed phrases.

During a simultaneous search of the technology park, Malaysian police and the AFP seized four servers, power cables, monitors and a modem.

The Borneo man and seven others who allegedly acted as mules were arrested and charged under Malaysian law.

The joint forces said one server held more than 16 virtual machines that ran a variety of operating systems and services to support the hosting service.

Investigators seized more than 60 terabytes of data, three servers and one network storage device.

AFP Acting Detective Superintendent Darryl Parrish said phishing attacks cost Australians almost $25 million last year.

“Cybercriminals will use any tools and tricks to exploit people for their own profit – in this case, it is mimicking trusted government websites,” he said.

“The AFP is committed to working with our valued law enforcement partners to track down cybercriminals and bring them to justice, regardless of where they are in the world.

“This case highlights how vital it is for law enforcement agencies to share intelligence and resources globally, as crime is borderless.”

Last week the ATO bolstered its defences around myGovID to counter an “unprecedented rise” in identity-related fraud.

It said security upgrades would add extra layers of protection to the myGovID service after an increase in the pace and scale of criminals using stolen personal information. 

The ATO said last financial year there was a 25 per cent increase in impersonation scam reports, with 346 individuals divulging personal identifying information including myGov sign-in credentials.

This month it also rolled out the next phase of its agent-client linking system, which was also designed to tackle security concerns.

You need to be a member to post comments. Become a member for free today!
Philip King

Philip King


Philip King is editor of Accountants Daily and SMSF Adviser, the leading sources of news, insight, and educational content for professionals in the accounting and SMSF sectors.

Philip joined the titles in March 2022 and brings extensive experience from a variety of roles at The Australian national broadsheet daily, most recently as motoring editor. His background also takes in spells on diverse consumer and trade magazines.

You can email Philip on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.