Fake ‘Services Australia’ & ‘Centrelink’ emails trick thousands in new nationwide scam
Mimecast, a human risk management platform, has revealed that cybercriminals are bombarding Australians with tens of thousands of fake government emails in a massive new phishing campaign that uses the names of trusted agencies like Services Australia and Centrelink to trick unsuspecting victims.
The huge campaign, uncovered by Mimecast’s Threat Research Team, has seen more than 270,000 malicious emails detected in the past four months, making it one of the most significant campaigns in the past three years in Australia.
The emails are extremely sophisticated clones of the originals and often appear to be coming from government departments. But behind the scenes, they are sent by threat actors abusing well-known, reputable email platforms such as SendGrid, Mailgun, and Microsoft Office 365 to disguise their origins and slip past spam filters.
“This particular attack is a significant cause for concern,” said Garrett O’Hara, Senior Director, Solutions Engineering at Mimecast. “The targeting of the scam is broad and non-specific, so it’s impacting everyday Aussies trying to access essential Government services, as well as targeting a wide range of organisations including schools, hospitals, law firms, corporations, and even government agencies themselves.”
The criminal operation, known as MCTO3001, is sending out mass waves of phishing messages every month and – to the untrained eye – the emails are very hard to differentiate from legitimate emails sent out by the likes of Services Australia and Centrelink.
“These aren’t the clumsy scams of years past,” Garrett added. “Attackers are using legitimate systems and leveraging detailed knowledge of Australian benefit systems including Superannuation, Medicare, JobSeeker payments, and Family Tax Benefits, to make their emails look authentic. They’re exploiting the trust that Australian citizens have in the Federal Government to deliver their attacks.”
In many cases, scammers even go a step further by compromising real email accounts or hosting fake government login pages on legitimate web services, making detection even harder.
“Once a victim clicks a link and enters their details, attackers can gain access to personal or business accounts, leading to data theft, malware installation, or even full-blown ransomware infections,” Garrett added.
“Cybercriminals are continuing to evolve with new attacks every year, which are becoming increasingly difficult to spot for everyday Aussies. It’s a trial-and-error process for the criminals, and there are many ‘trials’ being thrown at the Australian public.”
Mimecast’s Threat Intelligence Team has also observed attackers using text obfuscation and obscure web hosting providers to dodge security filters, and it warns that AI-powered phishing could make future attacks even more convincing.
“It’s impossible to say for sure the degree to which AI is currently being used by criminals, but the level of sophistication for attacks is increasing very quickly,” Garrett added. “We’re seeing criminals blend old-school social engineering with cutting-edge evasion techniques. They’re not slowing down, they’re evolving quickly, so AI is almost certainly playing a part.”
Mimecast’s research suggests the volume of this campaign by MCTO3001 is higher than most, averaging nearly 70,000 emails per month, although it fluctuates month to month. Each successful phishing attempt can open the door to devastating consequences – unauthorised access to sensitive data, operational disruption, reputational damage, and financial loss.
Anyone who receives a suspicious email claiming to be from the government should avoid clicking links or downloading attachments, and contact police, report it to ScamWatch.gov.au, or call the national cyber security hotline at 1300 CYBER1 (1300 292 371). Reports can also be made at cyber.gov.au.