Scammers are impersonating senior officers from the Department of Home Affairs to trick visa applicants into paying for phoney visa applications.
On Thursday, Cybersecurity and Home Affairs minister Tony Burke announced a fraud racket was actively targeting people applying for visas to travel to Australia.
Departmental staff told Burke the scam had seen criminals pose as high-ranking Home Affairs officers offering to “help” with visa applications and goad victims into making “extra payments” to process their visa.
In some cases, scammers asked victims for money to “speed up” the process.
The minister stressed Home Affairs officials would “never” ask for additional payments to process visa applications and warned people to outright delete any “suspicious” emails or texts about visa applications.
Those who receive an “unexpected call” in the holiday season were urged to “hang up straight away”.
"Calling back using a verified number is one of the four simple ways you can protect yourself online,” said Burke.
Are the scammers using stolen data?
In an example of the types of messages scammers can use against visa applicants, the department shared an image of someone’s personal details being manipulated in an individually tailored phishing email.
Fraudsters can use personal information to make their scams more convincing. Source: Australian Department of Home Affairs.
Notably, the department obscured two pieces of personal information used in this scam email: the recipient’s first name and an upcoming employment opportunity they had secured in Australia.
Armed with this information, the scammer offered to “streamline the process” with a visa-related health examination in the Philippines for $635.
Though the email claimed to be from the “Australian Department of Home Affairs, Immigration and Citizenship”, the scammer clumsily demanded payment to a cryptocurrency wallet.
Information Age understands this example was not specific to Burke’s recent scam announcement and that cybercriminals may be adopting other methods to fool visa applicants.
Burke meanwhile warned visa applicants to “always use unique passphrases, keep your device up to date with the latest software and use multi-factor authentication if available”.
Crackdown on scam migration agents
Burke warned some scammers were also asking for money to help fast-track victims’ visa applications – a tactic that has grown increasingly common among scam migration ‘agents’ who poach visa applicants on social media and private messaging apps such as WhatsApp.
Indeed, Home Affairs made it official advice in March to be wary of malicious agents who ask for a large amount of money upfront to guarantee or fast-track your visa.
“They may tell you there are only a few visas left and a payment is needed quickly,” the department warned.
In September, Home Affairs joined forces with Australian Border Force (ABF) to launch a multi-month crackdown effort against scam migration agents.
This operation started by targeting seven major scam agents who had collectively charged up to $1,422,000 to “vulnerable visa applicants” for protection-class visas, despite knowing they were not eligible and would be refused such a visa.
Four agents were removed from Victoria and Queensland after ABF found they had been “operating onshore illegally” despite having “no right to be here”, while another three were located and detained, pending removal.
Emily Winch, senior director of the Office of the Migration Agents Registration Authority, said applicants should use the organisation’s self-service portal to check if an agent is registered before paying for their services.
Home Affairs reiterated on Friday that legitimate correspondence from the government will always come from an official ‘.gov.au’ email address.
“If you’re unsure about any communications you’ve received, check it’s real by going to ImmiAccount – the official Australian Government immigration portal for your application,” the department said.
Scams follow widescale data theft
Burke’s warning about fake Home Affairs officials came after a trove of leaked Home Affairs user logins was found sitting in a publicly accessible dataset in May.
At the time, security researcher Jeremiah Fowler determined the illicit dataset was likely tied to an infostealer malware which harvested user data from individually infected devices rather than company platforms themselves.
The dataset contained more than 184 million user logins for the likes of Google, Facebook, and Home Affairs’ visa application platform ImmiAccount, among many others.
Burke’s announcement did not specify whether cybercriminals were using exposed personal or account details to scam visa applicants, while a Home Affairs spokesperson confirmed to Information Age the ImmiAccount platform “has not been breached and remains secure”.
