Bogus Websites Continuing to Harvest Data From NDIS Clients

0

Written by staff writer.

A fake website registered in the United States impersonating a bona fide Sydney-based organisation is the latest attempt by cybercriminals to leverage the National Disability Insurance Scheme (NDIS) to defraud disabled Australians and taxpayers.

The phony website, australianagedanddisabilitycare, has the same name as a genuine NDIS provider, Australian Disability and Aged Care (ADACare). The slick imitation site pretends to offer many of the same support services as ADACare and provides an Australian mobile number as a contact point. Phone calls to the number by this media outlet rang out. An online inquiry form asks for a potential client’s name, address, NDIS number, and existing NDIS plan. No street address is provided.

In its 2023/23 Federal Budget, the Australian Government said it would allocate AUD48.3 million over the next 12 months to fight cyber-criminals targeting NDIS clients. At the time, NDIS and Government Services Minister Bill Shorten said he had evidence of sophisticated cyber criminals attempting “egregious fraud” against NDIS clients. He said they created websites using fake identities that made promises to deliver services while harvesting the personal data of clients to claim for services never provided. NDIS fraud, which includes scams beyond bad actors collating data from fake websites, is estimated to cost Australian taxpayers billions of dollars annually. It can also cause substantial distress at the individual level for NDIS clients.

Shorten has highlighted the practices of ghosting (creating fake invoices for non-existent clients), physical threats against real NDIS clients, and over-charging as standard methods to defraud NDIS. However, he has not explicitly addressed the danger of fake websites targeting often vulnerable people. Further, while the NDIS Fraud Taskforce, a partnership between the National Disability Insurance Agency (NDIA), the Australian Federal Police (AFP) and Services Australia, has successfully effected several prosecutions against Australia-based NDIS fraud syndicates, its ability to investigate and prosecute the individuals behind australianagedanddisabilitycare is limited. The scam site is believed to be registered in Arizona and is hosted by GoDaddy. The domain was created on May 26, 2023.

Shorten says the fraud task force has increased its fraud detection capabilities and accuses the previous Australian Government of making it hard for disabled people to access the scheme while making it easy for criminals. “I am absolutely determined to ensure every dollar of NDIS funding goes to the people for whom it was intended,” he says. However, the recurring problem of domestic and offshore criminals creating fake websites to collect personal data suggests the current government has some way to go to make good on its aim of cracking down on NDIS fraud. At the time of publishing, the fake australianagedanddisabilitycare website remained active.

Earlier this month, a Melbourne-based healthcare startup called Kismet won AUD4 million in seed funding from venture capitalists to develop user-friendly software that will allow NDIS clients to track how their funding is spent and also to see an Australia-wide list of verified and approved providers. Founder Mark Woodland says one of its many benefits would be to “stamp out” NDIS fraudsters. Others have an even simpler solution to help combat NDIS fraud, cyber and otherwise. They say NDIS clients should approve and sign off on all invoices for services about a certain amount.

Share.