Alert: phishing attack targeting Victorian government employees

3 June 2022
On 2 June 2022, a sophisticated phishing attack targeting Victorian government employees was detected.

The attackers are hijacking law firm accounts and sending emails to government employees for the purpose of gaining login credentials to infiltrate government systems and applications.

To date, there have been no successful attempts identified however the Department is advising funded agencies to be on the alert.

Recommended Actions:

  • Advise your staff to exercise ongoing vigilance with their emails. Remind staff to not reply or click on any content/links from senders that are suspicious or not identifiable.
  • Enable multi-factor authentication for all work accounts as soon as possible. It is recommended you also encourage staff to activate multi-factor authentication on personal accounts or subscriptions to prevent being personally targeted.
  • Speak with your IT team or IT service provider to enable cyber defence mechanisms such as spam filters to block phishing emails. ​​​​​​
  • Stay informed of the latest news and threats via the VPDSS SharePoint Site and ACSC Advisories
  • Alert the Department's Cyber Security Team if your agency is impacted by a phishing attack or incident. Email: