
70,000 Fake Bank Scam Emails Target Australians

Summary

– Mimecast has identified a sophisticated callback scam where criminals impersonate major Australian banks like Westpac and Commonwealth Bank to target companies in education, legal, and insurance sectors.
– Over 70,000 scam attempts were detected in July 2025 alone, with attacks continuing and many more possibly going undetected.
– Scammers send hyper-realistic emails mimicking bank statements with fake unauthorized transactions around $1,500 to create urgency and trick victims into calling fraudulent support numbers.
– The emails prompt recipients to call scammer-controlled numbers where criminals impersonate bank representatives to extract financial details or direct fraudulent transfers.
– Mimecast advises organizations to independently verify banking communications through official channels and report suspected scams to authorities like ScamWatch or the national cyber security hotline.

A sophisticated wave of fraudulent emails, impersonating major Australian banks, has targeted tens of thousands of businesses across the country. Security experts from Mimecast uncovered a highly organized callback scam that has already resulted in over 70,000 detected attempts in just one month, with attacks continuing to impact organizations in the education, legal, and insurance sectors.

Scammers are crafting hyper-realistic email notifications designed to look like official communications from banks such as Westpac, Commonwealth Bank, and Macquarie. These messages are aimed at tricking employees into calling fraudulent support numbers, where criminals posing as bank staff attempt to extract sensitive financial information or direct unauthorized money transfers.

Garrett O’Hara, Senior Director of Solutions Engineering at Mimecast, emphasized the precision of these attacks. He noted that high-value institutions like universities and top law firms are being singled out, with scammers paying meticulous attention to replicating authentic bank statements. The fraudulent emails often display fabricated unauthorized transactions averaging $1,500, creating a false sense of urgency. Details such as fake merchant names (‘Infinite Holdings’ or ‘Smart Apps’) and references to real Victorian towns like Lockington and Pomonal add to their deceptive appearance.

![Image: A sample of a fraudulent email showing fake bank transaction details]

According to Mimecast, this campaign combines two powerful psychological triggers: the inherent trust people place in their banks and the alarm generated by fake transaction alerts. By requesting a callback, scammers add a layer of interaction that makes the scheme more convincing and dangerous. While callback scams themselves are not new, this latest iteration marks a significant shift toward bank impersonation, with fraudulent emails becoming increasingly difficult to distinguish from genuine correspondence.

Common subject lines used in these scams include “Alert Completed Details Enclosed,” “Financial Summary Sent Recently,” “Invoice Completed Recently,” and “Your Recent Payment: Summary Notification.” Known fraudulent contact numbers linked to the scheme include 03 8256 7521, 02 5621 1059, and 1800 458 259.
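As an added example (not code from Mimecast or the original article), the Python sketch below shows how a mail-filtering hook could match the subject lines and callback numbers listed above, normalizing Australian number formats so that `+61 3 8256 7521` and `(03) 8256 7521` compare equal. The function names and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Indicators copied from the article; subjects lower-cased, numbers digits-only.
SCAM_SUBJECTS = (
    "alert completed details enclosed",
    "financial summary sent recently",
    "invoice completed recently",
    "your recent payment: summary notification",
)
SCAM_NUMBERS = {"0382567521", "0256211059", "1800458259"}

# Loose match for a phone-like run of digits, spaces, brackets, dots, hyphens.
PHONE_RE = re.compile(r"\+?\(?\d[\d\s().\-]{7,16}\d")

def normalize_au_number(raw):
    """Reduce '+61 3 8256 7521', '(03) 8256 7521' etc. to national digits."""
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("61") and len(digits) == 11:   # +61 3 ...
        return "0" + digits[2:]
    if digits.startswith("61") and len(digits) == 12:   # +61 (0)3 ... / +61 1800 ...
        return digits[2:]
    return digits

def fold(text):  # lower-case and collapse whitespace before comparing
    return " ".join(str(text).lower().split())

def check_email(raw_message):
    """Return a list of (indicator_type, value) hits for one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = fold(msg.get("Subject", ""))
    hits = [("subject", s) for s in SCAM_SUBJECTS if s in subject]
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    for match in PHONE_RE.finditer(body):
        number = normalize_au_number(match.group())
        if number in SCAM_NUMBERS and ("callback_number", number) not in hits:
            hits.append(("callback_number", number))
    return hits

# Constructed sample messages (not real captures).
SAMPLE_SCAM = ("From: alerts@bank.example\nSubject: Your Recent  Payment: Summary Notification\n\n"
               "A payment of $1,500.00 to Infinite Holdings was processed.\n"
               "If this was not you, call +61 3 8256 7521 now.\n")
SAMPLE_BENIGN = ("From: statements@bank.example\nSubject: Your statement is ready\n\n"
                 "Log in to online banking to view it.\n")
```

Exact-indicator matching only catches the subject lines and numbers published so far, so it supplements the out-of-band verification described in the article and does not replace it.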

O’Hara stressed that legitimate banks will not request urgent callbacks via email. He advised organizations to implement strict verification processes, requiring staff to confirm any suspicious banking communications through official channels and cross-reference phone numbers with those listed on bank websites. Proactive staff training and robust security protocols are essential defenses against such targeted social engineering attacks.

Individuals or businesses that suspect they have been targeted should report the incident to local police, submit a report via ScamWatch.gov.au, or contact the national cybersecurity hotline at 1300 CYBER1 (1300 292 371). Additional reporting can be completed through cyber.gov.au.

(Source: ITWire Australia)
