AI Incident Database

Incident 1275: Purportedly AI-Enhanced Phishing Campaign Allegedly Impersonates Australian Government Services in Large-Scale Welfare Scam

Description: A large-scale phishing campaign allegedly impersonating Services Australia and Centrelink reportedly sent more than 270,000 fraudulent emails in 2025. Mimecast analysts reportedly say attackers (designated MCTO3001) used AI tools to generate highly convincing government-themed messages and evasion techniques, targeting vulnerable Australians and public institutions. Victims reportedly faced risks of credential theft and downstream digital exploitation.
Editor Notes: Timeline note: According to Mimecast, the alleged phishing campaign had reportedly been active for roughly four months prior to publication, with attackers sending an average of 70,000 AI-generated spoofed government emails per month. The activity reportedly appears to have been ongoing from approximately July 2025 through November 2025. The incident ID date of 11/17/2025 is taken from The Sydney Morning Herald's initial reporting.

Entities

Alleged: Unknown generative AI developers developed an AI system deployed by Unknown cybercriminals and MCTO3001, which harmed Medicare of Australia beneficiaries, Government of Australia, General public of Australia, General public, Centrelink beneficiaries, Centrelink, Australian welfare recipients, Australian businesses, Epistemic integrity and Truth.
Alleged implicated AI systems: Unknown large language models, Unknown generative AI systems, AI-generated phishing content and AI-assisted email impersonation workflows

Incident Stats

Incident ID: 1275
Report Count: 1
Incident Date: 2025-11-17
Editors: Daniel Atherton

Incident Reports

Cybercriminals unleash fake Centrelink scam on vulnerable Australians
smh.com.au · 2025

More than 270,000 malicious emails impersonating Services Australia and Centrelink have flooded Australian inboxes in one of the nation's largest phishing campaigns in years, with the sophisticated attacks specifically targeting the country…

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.