Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
More than 70,000 callback scam emails targeted Australians in July 2025 alone, according to new research.
Sophisticated scammers posing as Australia’s big four banks sent more than 70,000 scam emails throughout July 2025, targeting organisations in the insurance, legal, and education sectors.
Risk management firm Mimecast spotted the campaign, but admitted that many more emails may have gone undetected. And according to the company, the campaign is ongoing.
“This campaign is particularly concerning because it blends two powerful tactics – the trust Australians place in their banks and the urgency created by fraudulent transaction alerts,” Garrett O’Hara, senior director of solutions engineering at Mimecast, said in a recent statement.
“The impersonation of Australian banks combined with a callback request makes this a highly effective and worrying evolution of social engineering scams.”
Historically, callback scam campaigns typically pose as services like PayPal, but the latest intelligence suggests a move towards impersonating banks using increasingly realistic email notifications.
“We see this threat evolving to target a much larger number of Australians, so awareness about it is very important,” O’Hara said.
Common subject lines include “Alert Completed Details Enclosed”, “Financial Summary Sent Recently”, “Invoice Completed Recently”, and “Your Recent Payment: Summary Notification”. The scam phone numbers used include “03 8256 7521”, “02 5621 1059”, and “1800 458 259”.
“Legitimate banks will not request urgent callbacks via email,” O’Hara said.
“Organisations should require staff to independently verify banking communications through official bank channels and ensure that any phone numbers are checked against legitimate banking contact details.
“The scale of the attack we have detected demonstrates that Australian businesses are firmly in the sights of scammers. Organisations that proactively train staff and put in place strong verification processes will be far better placed to avoid falling victim.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
