Mimecast expects cybercriminals are using AI to create sophisticated clones of legitimate government emails. (Source: Getty/Mimecast)

Australians are being bombarded with tens of thousands of fake emails impersonating Centrelink and Services Australia in one of the biggest phishing campaigns in years. Cybercriminals are using artificial intelligence to create “super clones” of legitimate messages, making them increasingly difficult to spot.

More than 270,000 of the malicious emails have been detected in the past four months by human risk management platform Mimecast. The emails mimic legitimate communications and leverage information about benefits like superannuation, JobSeeker payments, Medicare and Family Tax Benefits.

Mimecast senior director of solutions engineering Garrett O’Hara told Yahoo Finance it was one of the “biggest” phishing campaigns the group had seen in the past three years.

“It’s not targeted at any specific organisation, which we do see sometimes. It’s really quite a broad attack and honestly an attack on fairly vulnerable people when you think about the services involved here, which is kind of sickening,” he said.

While the degree to which AI is being used is unclear, O’Hara said the convincing and large-scale nature of the scam meant it was almost certainly playing a part.

“If you start to look at the phishing scams that are coming through now they’re actually very excellent. They’re so, so convincing and that’s no accident,” he said.

“You remember the advice to look for grammar that’s wonky or syntax, that’s all gone … [We’re] seeing a perfectly written email, really in any language, with good syntax and perfect grammar and exactly the same layout as the real deal – that’s trivial to do with AI.”

Mimecast’s Garrett O’Hara has urged people to slow down and not click any links provided in the emails. (Source: Mimecast)

In some cases, scammers can go a step further by compromising real email accounts and hosting fake government login pages on legitimate web services, making them even harder to detect.

Once you click a link and enter your details, attackers are able to gain access to your personal or business accounts, which can lead to data theft, malware installation, or ransomware infections.

O’Hara said there were major consequences potentially at stake, including identity theft.

“A lot of people, unfortunately, they still use the same email address and passwords for lots of different services,” he said.

“If you’re doing that and you’re getting compromised as part of this attack, there’s a thing called credential stuffing where they take the credentials they’ve stolen in a previous attack and then they just try different platforms.”

The emails will try and create a sense of urgency and get you to click a link. (Source: Mimecast)

Services Australia confirmed to Yahoo Finance it was aware of the scams, but it’s understood it is not seeing a significant increase.

“It’s an unfortunate reality that phishing scams are becoming more sophisticated. Our advice remains the same on this ongoing threat,” Services Australia general manager Hank Jongen said.

“The most important advice is not to click on links in email scams claiming to be from Services Australia or myGov. We won’t send links in text messages or emails asking you to sign into your myGov account or Centrelink online account.”

Services Australia will never send you a link, attachment or QR code in an email or text message. Additionally, if the website URL doesn’t end in ‘.gov.au’ then it is not an official government website.
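The ‘.gov.au’ rule only holds when it is applied to the hostname a browser would connect to, not to the link text as a whole. The following is an added example, not from Mimecast or Services Australia, showing that check for mail filters or help-desk tooling; the function names are hypothetical and every URL except my.gov.au is constructed on reserved example domains.

```python
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = ".gov.au"  # the rule stated in the article

def hostname_of(url):
    """Return the lower-cased hostname a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and ":port"
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()

def is_gov_au(url):
    """True only if the hostname itself ends in .gov.au."""
    host = hostname_of(url)
    if host is None:
        return False
    try:
        host.encode("ascii")  # conservative: reject non-ASCII hostnames
    except UnicodeEncodeError:
        return False
    return host.endswith(OFFICIAL_SUFFIX)

def substring_check(url):
    """The weak check: '.gov.au' appears somewhere in the link."""
    return OFFICIAL_SUFFIX in url.lower()

# Constructed sample links (example.com / example.net are reserved domains).
SAMPLES = [
    "https://my.gov.au/",
    "https://my.gov.au.example.com/login",   # official name used as a subdomain
    "https://my.gov.au@login.example.com/",  # official name in the userinfo part
    "https://login.example.com/my.gov.au",   # official name in the path
    "https://mygov-au.example.net/",
]

def links_that_fool_substring_check(urls=SAMPLES):
    """Links the weak check accepts but the hostname check rejects."""
    return [u for u in urls if substring_check(u) and not is_gov_au(u)]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:45} hostname_ok={is_gov_au(u)} substring_ok={substring_check(u)}")
```

A link passing this check is still not proof of legitimacy: as stated above, Services Australia does not send links at all, so any emailed link claiming to be from it warrants suspicion.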

The government agency shares active scams on its website, including myGov phishing emails which include a link, button or icon that takes you to a fake myGov website.

Aussies who have clicked on a suspicious link or given out their personal details are advised to call Services Australia’s Scams and Identity Theft Helpdesk on 1800 941 126.

“Remember to always type my.gov.au into your website browser so you know you have the real myGov website, or use the official myGov app,” Jongen said.

Aussies can also set up passkeys in myGov, a digital ID, or a passphrase and two-factor authentication to help keep their account safe.

O’Hara said scammers would try to evoke an emotional reaction to convince you to click a link, such as claiming your account has been compromised or your payment will be suspended.

“If you’re seeing that kind of very emotional or anything in any email that’s evoking that response, just pause, take a breath,” he said.

“Then the biggest thing I would say is don’t click on the link. Go to myGov through the internet. Sit down at your desk or laptop or on your phone, and just open your browser and go to myGov directly and log in directly without clicking on the link within the email.”

If it’s real, you will see a notification or message in your myGov inbox. Alternatively, you can also call Centrelink directly and check.

O’Hara said many organisations now do not send links within emails or ask for your personal information via email.

While the downside of this is ease of use, O’Hara said it was worth it.

“I think that’s a valuable trade-off. I’d much rather take an extra two minutes to do something than have the potentially huge impact of credential theft or credential harvesting,” he said.
