Purportedly AI-Enhanced Phishing Campaign Allegedly Impersonates Australian Government Services in Large-Scale Welfare Scam

Over the past four months, criminals launched one of Australia's largest phishing campaigns, sending more than 270,000 malicious emails impersonating Services Australia and Centrelink at an average rate of 70,000 messages per month. The attackers used artificial intelligence to create near-perfect clones of legitimate government communications about Medicare, JobSeeker payments, Superannuation, and Family Tax Benefits. The campaign, tracked as MCTO3001 by Mimecast, exploited trusted email platforms including SendGrid, Mailgun, and Microsoft Office 365 to disguise origins and evade spam filters. The criminals employed advanced evasion techniques including 'reverse tunnelling' to hide infrastructure behind legitimate services and compromised real email accounts to host fake government login pages. The attacks specifically targeted vulnerable Australians seeking essential government services, as well as organizations including schools, hospitals, law firms, corporations, and government agencies. When victims clicked links and entered details, attackers could gain access to personal or business accounts, leading to data theft, malware installation, or ransomware infections. The sophistication level suggests AI was used to generate convincing phishing content and potentially create post-delivery malware, representing a significant escalation in cybercriminal capabilities.