Callback Scam Campaigns Impersonating Major Australian Banks
24 September 2025
By Rikesh Vekaria, Hiwot Mendahun and the Mimecast Threat Research Team
- 70,000+ detections of callback scam campaigns targeting Australian organizations
- Multi-bank impersonation targeting Westpac, Commonwealth Bank, and Macquarie
- High-value targets including education, legal, and insurance sectors across Australia
- Social engineering through fake unauthorized transaction notifications designed to trigger urgent callbacks
Campaign Overview
The Mimecast Threat Research team identified large-scale callback scam campaigns in July 2025, with over 70,000 detections targeting Australian organizations. These campaigns impersonate major Australian financial institutions, including Westpac Banking Corporation, Commonwealth Bank of Australia, and Macquarie Bank, to deceive recipients into calling fraudulent phone numbers.
The attack methodology centers on sophisticated email templates designed to mimic legitimate bank account statements. Recipients receive professionally crafted emails showing unauthorized transactions of around $1,500, creating immediate urgency and concern. The emails include specific transaction details such as fake merchant names ("Infinite Holdings," "Smart Apps"), Victorian locations (Lockington, Pomonal), and authentic-looking reference codes.
This approach aligns with known Australian bank impersonation tactics, where scammers leverage official-looking communications to establish credibility before directing victims to contact fraudulent support numbers.
Once victims call the fraudulent numbers, scammers impersonate bank representatives and use social engineering techniques to extract personal financial information or account credentials, or direct victims to complete fraudulent transactions, keeping them on the line as long as possible.
Mimecast Protection
Mimecast's advanced threat detection capabilities have successfully identified and blocked these callback scam campaigns through multiple protection layers.
Targets
Australian Industries Heavily Targeted:
- Education sector
- Legal services
- Insurance companies
Indicators of Compromise (IOCs)
Common Subject Lines:
- Alert Completed Details Enclosed
- Financial Summary Sent Recently
- Invoice Completed Recently
- Your Recent Payment: Summary Notification
Fraudulent Contact Numbers:
- 0382567521
- 0256211059
- 1800458259
Technical Indicators:
- X-Mailer: Private Node Mailer
Recommendations
Immediate Actions:
- User Awareness Training: Educate staff about callback scam tactics, emphasizing that legitimate banks will never request urgent callbacks via email for transaction disputes
- Verification Protocols: Implement policies requiring independent verification of any banking communications through official channels before taking action
- Phone Number Validation: Maintain databases of legitimate bank contact numbers for verification purposes
Ongoing Monitoring:
- Threat Hunting: Search email logs for Private Node Mailer headers and similar technical indicators
- Pattern Recognition: Monitor for additional Australian bank impersonation attempts with similar transaction alert formats
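As an added example (not Mimecast's own detection logic), the following Python script applies the threat-hunting advice above to raw email messages: it checks the X-Mailer header, the listed subject lines, impersonated bank names in the body, and the listed contact numbers after normalising separators and the +61 prefix. The sample message and its sender domain are constructed for illustration.

```python
# Added example (not Mimecast's tooling): triage raw RFC 5322 messages for the
# indicators in this advisory. The sample message at the bottom is constructed.
import email
import re
from email import policy

# Indicators taken from the advisory above.
SUSPICIOUS_X_MAILER = "private node mailer"
SUBJECT_LURES = {
    "Alert Completed Details Enclosed",
    "Financial Summary Sent Recently",
    "Invoice Completed Recently",
    "Your Recent Payment: Summary Notification",
}
FRAUD_NUMBERS = {"0382567521", "0256211059", "1800458259"}
IMPERSONATED_BANKS = ("westpac", "commonwealth bank", "macquarie")
# Phone-like tokens: +61, 0 or 1800 prefix, then digits with common separators.
PHONE_RE = re.compile(r"\(?(?:\+?61|0|1800)[\d\s\-()]{7,}")

def normalise_number(raw: str) -> str:
    """Reduce '(03) 8256 7521' or '+61 3 8256 7521' to the domestic form '0382567521'."""
    digits = re.sub(r"\D", "", raw)
    return "0" + digits[2:] if digits.startswith("61") else digits

def triage_message(raw: bytes) -> dict:
    """Report which advisory indicators appear in one raw message, plus a hit count."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # Only numbers that match the advisory's list are reported, after normalisation.
    numbers = {normalise_number(m) for m in PHONE_RE.findall(text)} & FRAUD_NUMBERS
    hits = {
        "x_mailer": SUSPICIOUS_X_MAILER in msg.get("X-Mailer", "").lower(),
        "subject": msg.get("Subject", "").strip() in SUBJECT_LURES,
        "bank_lure": any(b in text.lower() for b in IMPERSONATED_BANKS),
        "fraud_numbers": sorted(numbers),
    }
    hits["score"] = sum([hits["x_mailer"], hits["subject"], hits["bank_lure"], bool(numbers)])
    return hits

# Constructed sample mimicking the lure described above (sender domain is a placeholder).
# triage_message(SAMPLE_SCAM) -> score 4, fraud_numbers ['0382567521']
SAMPLE_SCAM = b"""From: Westpac Alerts <alerts@sender.invalid>
Subject: Your Recent Payment: Summary Notification
X-Mailer: Private Node Mailer
Content-Type: text/plain; charset=utf-8

Westpac account statement: unauthorised transaction of $1,500.00 at Infinite Holdings, Lockington VIC.
If you did not authorise this payment, call (03) 8256 7521 immediately.
"""
```

Feed exported .eml files to triage_message and review anything with a score of 2 or more; a single indicator such as a phone number alone may be a legitimate reference to the real bank line.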