A Digital Close Call

It was early Saturday morning when my Mum’s phone buzzed unexpectedly. A multi-factor authentication (MFA) request via SMS from her MyGov account blinked on her screen—unexpected, out of place, and downright strange. Mum, sharp as ever, didn’t respond to the prompt but knew something wasn’t right. A call to MyGov followed as soon as the helpline opened, though by that time, the attackers had moved on.

The scam itself was chillingly clever, targeting government service accounts like Centrelink to hijack payments. Thankfully, Mum wasn’t an active recipient, and the crooks must have realised they’d barked up the wrong tree. Still, the breach raised an unsettling question: how did they get in when MFA was enabled?

That’s when Mum called me. Together, we set out on a digital whodunit, piecing together clues and trying to uncover the root cause. At first glance, everything looked fine—her Windows Surface and Apple devices were clean as a whistle. Antivirus scans showed no red flags, and Mum hadn’t been involved in any data breaches (thanks to a quick cross-check on Troy Hunt’s Have I Been Pwned). She was even using a strong password and a password manager for her MyGov account. All signs pointed to a rock-solid setup on her behalf.

But the mystery deepened.

It wasn’t until we connected one of her devices to an isolated network on my home LAN that the cracks began to show. My trusty Ubiquiti Inc. UDR lit up like a Christmas tree, flagging a flurry of rogue traffic. The culprit? A sneaky worm—somehow missed by antivirus software—lurking in the shadows. Suddenly, the pieces of the puzzle started falling into place.

The most likely origin of the infection? A game. One of the grandkids (not my kid, I’ll have you know!) had installed it on her device years ago. The game must have carried a nasty payload, quietly compromising her system and opening a backdoor for malicious activity.

Mum was lucky, but the experience left its mark. Now, she has a shiny new “clean” device that’s strictly off-limits to anyone but her. MyGov, IDCARE, and their quick support deserve a big shout-out for guiding her through the recovery process. It’s a good reminder that even with strong security practices, all it takes is one slip-up—a seemingly harmless game—to open the door to trouble.


The Takeaways

  1. MFA Isn’t Foolproof: While it adds a crucial layer of security, it’s not invincible. Attackers are constantly evolving their methods.
  2. Network Monitoring Matters: Tools like the Ubiquiti UDR can be invaluable for detecting rogue activity that antivirus programs miss.
  3. Device Hygiene is Critical: Shared devices are often weak links in the security chain.
  4. Stay Vigilant: Mum’s quick response and refusal to approve the MFA request were key to shutting this down before it escalated.

Crista Lyon

Strategic IT Leader | Driving Technology Innovation with Purpose | Championing Application Security, IT Governance, Best Practices in Technology

2 months

It’s all too easy now for these attacks to be successful. So glad to know they failed in this case, and that your extensive cyber awareness and skill set rubbed off on your mother!

Thanks detective B. Let’s blame Grandfather!

Andrew Arney

Executive Principal at Glenroy College

2 months

Good advice Bryan. Wish your mum (and dad) my best. You too Carrie!

Carrie McCluskey

Early Years Advisor, BPA Children’s Services

2 months

Great work detective Columbo! Just one more question… was it my kids who downloaded that game????
