Cybercriminals unleash fake Centrelink scam on vulnerable Australians


More than 270,000 malicious emails impersonating Services Australia and Centrelink have flooded Australian inboxes in one of the nation’s largest phishing campaigns in years, with the sophisticated attacks specifically targeting the country’s most vulnerable citizens.

The massive campaign, uncovered by human risk management platform Mimecast, has been bombarding Australians with fake government emails averaging 70,000 messages per month over the past four months, with attackers using artificial intelligence to create near-perfect clones of legitimate government communications.

The emails mimic government correspondence about Medicare, JobSeeker payments, Superannuation, and Family Tax Benefits with alarming accuracy. Credit: Mimecast.

“This particular attack is a significant cause for concern,” Mimecast senior director Garrett O’Hara told this masthead. “The targeting of the scam is broad and non-specific, so it’s impacting everyday Aussies trying to access essential government services, as well as targeting a wide range of organisations including schools, hospitals, law firms, corporations, and even government agencies themselves.”

The criminal operation, tracked by Mimecast as MCTO3001, is abusing legitimate email-delivery platforms including SendGrid, Mailgun, and Microsoft Office 365, so that the messages arrive from reputable sending infrastructure rather than from attacker-owned servers, disguising their true origin and slipping past reputation-based spam filtering.

The scammers are using advanced evasion techniques to hide their infrastructure behind legitimate services to make blocking attempts extremely difficult. Credit: Getty Images

“These aren’t the clumsy scams of years past,” O’Hara said. “Attackers are using legitimate systems and leveraging detailed knowledge of Australian benefit systems including superannuation, Medicare, JobSeeker payments, and Family Tax Benefits, to make their emails look authentic. They’re exploiting the trust that Australian citizens have in the federal government to deliver their attacks.”

The scammers are using advanced evasion techniques including “reverse tunnelling”, in which the phishing server opens an outbound connection to a legitimate tunnelling or hosting service and is then reached through that service’s own hostnames, so the malicious site sits behind a trusted domain that defenders are reluctant to block outright. Some attackers have also compromised real email accounts or hosted fake government login pages on legitimate web services.
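The two techniques described above (sending through legitimate email platforms, and hosting the credential-harvesting page on a legitimate service) leave a detectable footprint in the message itself: the visible From address claims a government brand, but the domains that actually authenticated the message (DKIM `d=` and Return-Path) belong to the sending platform, and the links point somewhere other than a gov.au host. The following triage script is an added example written for this page, not Mimecast’s tooling or any code from the article. It assumes `my.gov.au` and `servicesaustralia.gov.au` as the legitimate domains, uses a deliberately simple organisational-domain extraction rather than the Public Suffix List, and runs on two constructed sample messages; the sending-platform domain `esp-example.net` and the link host `example-hosting.net` are hypothetical.

```python
"""Triage check for government-impersonation emails.

Added example for this article, not Mimecast's detection logic. It applies
two checks that the described tradecraft implies:
  1. Alignment: does the visible From domain match the domains that
     actually authenticated the message (DKIM d= and Return-Path)? Mail
     relayed through a third-party sending platform typically authenticates
     as that platform's domain, not as the impersonated brand's domain.
  2. Link destination: do links in the body stay on legitimate government
     hosts, or point at a lookalike / tunnel / free-hosting domain?
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands the campaign impersonates, per the article, and the real domains
# behind them (assumption: these two domains are the legitimate ones).
BRAND_KEYWORDS = ("services australia", "centrelink", "mygov", "medicare")
LEGIT_DOMAINS = ("my.gov.au", "servicesaustralia.gov.au")


def registrable(host: str) -> str:
    """Crude organisational-domain extraction: three labels for *.gov.au /
    *.com.au style names, two otherwise. Fine for triage; not a PSL lookup."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-1] == "au" and \
            labels[-2] in ("gov", "com", "net", "org", "edu"):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def dkim_domains(msg) -> list:
    """Signing domains (d= tags) from every DKIM-Signature header."""
    return [d.lower() for h in msg.get_all("DKIM-Signature", [])
            for d in re.findall(r"\bd=([^;\s]+)", h)]


def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    _, rp_addr = parseaddr(msg.get("Return-Path", ""))
    rp_dom = rp_addr.rpartition("@")[2].lower()

    # Domains that actually vouched for this message on the wire.
    auth_doms = {registrable(d) for d in dkim_domains(msg) if d}
    if rp_dom:
        auth_doms.add(registrable(rp_dom))

    claims_brand = any(k in (display + " " + msg.get("Subject", "")).lower()
                       for k in BRAND_KEYWORDS)
    aligned = bool(from_dom) and registrable(from_dom) in auth_doms

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    links = re.findall(r"https?://[^\s\"'<>]+", text)
    bad_links = [u for u in links
                 if registrable(urlparse(u).hostname or "") not in LEGIT_DOMAINS]

    findings = []
    if claims_brand and not aligned:
        findings.append("brand-claim-without-alignment")
    if claims_brand and registrable(from_dom) not in LEGIT_DOMAINS:
        findings.append("from-domain-not-government")
    if claims_brand and bad_links:
        findings.append("links-outside-gov-au")
    return {"from_domain": from_dom,
            "authenticated_domains": sorted(auth_doms),
            "suspicious_links": bad_links,
            "findings": findings,
            "verdict": "suspicious" if findings else "clean"}


# Constructed sample: spoofed From, but authenticated by a sending platform
# (hypothetical esp-example.net) and linking to a hypothetical lookalike host.
SCAM = b"""From: "Services Australia" <no-reply@servicesaustralia.gov.au>
Return-Path: <bounce-1234@bounces.esp-example.net>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=esp-example.net; s=s1;
 h=from:subject:to; bh=abc=; b=def=
Subject: Your Centrelink payment has been suspended
To: victim@example.com
Content-Type: text/plain; charset=utf-8

Your JobSeeker payment is on hold. Confirm your identity within 24 hours:
http://mygov-login.example-hosting.net/verify?id=1234
"""

# Constructed sample of what an aligned, legitimate notification looks like.
LEGIT = b"""From: "myGov" <noreply@my.gov.au>
Return-Path: <bounce@my.gov.au>
DKIM-Signature: v=1; a=rsa-sha256; d=my.gov.au; s=sel; h=from:subject; bh=abc=; b=def=
Subject: New message in your myGov inbox
To: citizen@example.com
Content-Type: text/plain; charset=utf-8

Sign in at https://my.gov.au/ to read it.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(name, triage(raw))
```

The alignment check is the same idea DMARC enforces at the receiving gateway; running it again at triage time is useful because the scam’s From domain may be a lookalike that has no DMARC policy at all, and because the link check catches the cases where the sender authenticates fine (a compromised real account) but the destination is still a harvesting page. Treat the link list as a lead for analysts, not an automatic block: legitimate government mail can link to third-party hosts, and a false positive on a welfare notification has real consequences for the recipient.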

“Once a victim clicks a link and enters their details, attackers can gain access to personal or business accounts, leading to data theft, malware installation, or even full-blown ransomware infections,” O’Hara said.

The scale and sophistication of the attacks has raised alarm about AI’s role in cybercrime, and growing evidence that state-backed hackers are exploiting AI systems for cyberattacks. Anthropic, the company behind the Claude AI model, announced on Thursday that Chinese state-backed hackers used Claude to automate roughly 30 attacks on corporations and governments during a September campaign.


In those attacks, 80 to 90 per cent of the operation was automated with AI, a higher proportion than in previously documented intrusions. The attacks occurred “literally with the click of a button, and then with minimal human interaction,” Anthropic’s head of threat intelligence Jacob Klein said.


While attribution of the Australian attacks remains difficult, Mimecast’s threat intelligence team believes the criminals are using AI to generate convincing phishing emails and potentially create post-delivery malware.

“It’s impossible to say for sure the degree to which AI is currently being used by criminals, but the level of sophistication for attacks is increasing very quickly,” O’Hara said. “We’re seeing criminals blend old-school social engineering with cutting-edge evasion techniques. They’re not slowing down, they’re evolving quickly, so AI is almost certainly playing a part.”


The targeting of welfare services means vulnerable Australians are disproportionately at risk. “The most vulnerable people in society” are being targeted, O’Hara said. “It’s particularly sickening.”

Mimecast advises Australians who receive suspicious government emails to avoid clicking links or downloading attachments. Instead, they should open myGov directly, by typing the address into their browser or using a saved bookmark, and check there whether the communication is genuine.

The Department of Home Affairs was contacted for comment. Anyone who receives suspicious emails should report them to ScamWatch.gov.au or call the national cybersecurity hotline at 1300 CYBER1 (1300 292 371). Reports can also be made at cyber.gov.au.

