Incident 1275: Purportedly AI-Enhanced Phishing Campaign Allegedly Impersonates Australian Government Services in Large-Scale Welfare Scam

Description: A large-scale phishing campaign allegedly impersonating Services Australia and Centrelink reportedly sent more than 270,000 fraudulent emails in 2025. Mimecast analysts reportedly say attackers (designated MCTO3001) used AI tools to generate highly convincing government-themed messages and evasion techniques, targeting vulnerable Australians and public institutions. Victims reportedly faced risks of credential theft and downstream digital exploitation.

Editor Notes: Timeline note: According to Mimecast, the alleged phishing campaign had reportedly been active for roughly four months prior to publication, with attackers sending an average of 70,000 AI-generated spoofed government emails per month. The activity reportedly appears to have been ongoing from approximately July 2025 through November 2025. The incident ID date of 11/17/2025 is taken from The Sydney Morning Herald's initial reporting.

Outils

Nouveau rapport Nouvelle Réponse DécouvrirVoir l'historique

Entités

Voir toutes les entités

Alleged: Unknown generative AI developers developed an AI system deployed by Unknown cybercriminals et MCTO3001, which harmed Medicare of Australia beneficiaries , Government of Australia , General public of Australia , General public , Centrelink beneficiaries , Centrelink , Australian welfare recipients , Australian businesses , Epistemic integrity et Truth.

Systèmes d'IA présumés impliqués: Unknown large language models , Unknown generative AI systems , AI-generated phishing content et AI-assisted email impersonation workflows

Statistiques d'incidents

1275

Nombre de rapports

Date de l'incident

2025-11-17

Editeurs

Daniel Atherton

Rapports d'incidents

Chronologie du rapport

Cybercriminals unleash fake Centrelink scam on vulnerable Australians

smh.com.au

smh.com.au · 2025

More than 270,000 malicious emails impersonating Services Australia and Centrelink have flooded Australian inboxes in one of the nation's largest phishing campaigns in years, with the sophisticated attacks specifically targeting the country…

Variantes

Une "Variante" est un incident de l'IA similaire à un cas connu—il a les mêmes causes, les mêmes dommages et le même système intelligent. Plutôt que de l'énumérer séparément, nous l'incluons sous le premier incident signalé. Contrairement aux autres incidents, les variantes n'ont pas besoin d'avoir été signalées en dehors de la base de données des incidents. En savoir plus sur le document de recherche.

Vous avez vu quelque chose de similaire ?

Incident précédent