Key Points
- 70,000+ detections of callback scam campaigns targeting Australian organizations
- Multi-bank impersonation targeting Westpac, Commonwealth Bank, and Macquarie
- High-value targets including education, legal, and insurance sectors across Australia
- Social engineering through fake unauthorized transaction notifications designed to trigger urgent callbacks
Campaign Overview
The Mimecast Threat Research team has identified large-scale callback scam campaigns in July 2025, with over 70,000 detections targeting Australian organizations. These campaigns impersonate major Australian financial institutions including Westpac Banking Corporation, Commonwealth Bank of Australia, and Macquarie Bank to deceive recipients into calling fraudulent phone numbers.
The attack methodology centers on sophisticated email templates designed to mimic legitimate bank account statements. Recipients receive professionally crafted emails showing unauthorized transactions of around $1,500, creating immediate urgency and concern. The emails include specific transaction details such as fake merchant names ("Infinite Holdings," "Smart Apps"), Victorian locations (Lockington, Pomonal), and authentic-looking reference codes.
This approach aligns with known Australian bank impersonation tactics, where scammers leverage official-looking communications to establish credibility before directing victims to contact fraudulent support numbers.
Once victims call the fraudulent numbers, scammers impersonate bank representatives and use social engineering techniques to extract personal financial information or account credentials, or to direct victims to complete fraudulent transactions, keeping them on the line as long as possible.
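The traits described above (a bank brand in a message that does not come from that bank, unauthorized-transaction wording, and a phone number to call) can be combined into a simple triage heuristic. This is an added example, not Mimecast's detection logic; the bank domain list, the lure wording, the phone pattern and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed sender domains per impersonated bank; replace with a verified allow-list.
BANK_DOMAINS = {
    "westpac": ("westpac.com.au",),
    "commonwealth bank": ("commbank.com.au", "cba.com.au"),
    "macquarie": ("macquarie.com", "macquarie.com.au"),
}
# Illustrative wording for the fake unauthorized-transaction lure.
LURE = re.compile(r"unauthori[sz]ed|did not (?:make|authori[sz]e)", re.I)
# Australian formats: +61 or 0-prefixed numbers, and 1300/1800 service numbers.
PHONE = re.compile(r"(?:\+61[ -]?\d|\b0\d)(?:[ -]?\d){8}\b|\b1[38]00(?:[ -]?\d){6}\b")

def callback_scam_signals(raw_email):
    """Return the heuristic signals found in one RFC 5322 message string."""
    msg = message_from_string(raw_email)
    sender = msg.get("From", "")
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    # Plain-text parts only; HTML and transfer-encoded bodies need decoding first.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{sender}\n{msg.get('Subject', '')}\n{body}"
    signals = []
    for brand, legit in BANK_DOMAINS.items():
        from_bank = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in text.lower() and not from_bank:
            signals.append(f"brand-mismatch:{brand}")
    if LURE.search(text):
        signals.append("transaction-lure")
    if PHONE.search(text):
        signals.append("callback-number")
    return signals

def is_likely_callback_scam(raw_email):
    # Flag only when brand mismatch, lure wording and a phone number co-occur.
    s = callback_scam_signals(raw_email)
    return ({"transaction-lure", "callback-number"} <= set(s)
            and any(x.startswith("brand-mismatch:") for x in s))

# Constructed sample (not a real campaign email); merchant/location from the write-up.
SCAM = """From: Westpac Alerts <alerts@statement-notice.example>
Subject: Account statement: unauthorised transaction

Infinite Holdings, Lockington VIC  $1,499.00
If you did not make this payment, call 1800 000 000 immediately.
"""
print(callback_scam_signals(SCAM), is_likely_callback_scam(SCAM))
```

Requiring all three signals together keeps genuine bank statements and ordinary messages that merely contain a phone number out of the flagged set.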
Dimakatso Makinta