Crooks target industry with ‘highly effective’ fake bank emails

Insurance is among the three most targeted industries in a scam involving criminals expertly impersonating Australia’s large banks.

Cybersecurity platform Mimecast says education operators and law firms are also a focus for crooks trying to extract money via emails urging recipients to call fake bank phone numbers.

It has detected tens of thousands of “hyper-realistic” notifications impersonating banks including Westpac, Commonwealth and Macquarie.

“This is a highly effective and worrying evolution of social engineering scams,” Mimecast director Garrett O’Hara said. “We see this threat evolving to target a much larger number of Australians, so awareness about it is very important.

“These attacks stand out from the rest because of the precision by the attackers towards high-value targets ... [and] the attention to detail by the scammers.”

Fake emails mimicking legitimate account statements that show unauthorised transactions of about $1500 create “immediate urgency and concern”, Mr O’Hara says. They prompt recipients to call phone numbers controlled by the scammers, who then encourage fraudulent transfers.

Common subject lines include “Alert Completed Details Enclosed”, “Financial Summary Sent Recently”, “Invoice Completed Recently” and “Your Recent Payment: Summary Notification”. The fraudulent contact numbers include 03 8256 7521, 02 5621 1059 and 1800 458 259.

The emails also contain fake merchant names Infinite Holdings or Smart Apps, or locations Lockington and Pomonal, along with authentic-looking reference codes.

Mr O’Hara says staff should independently verify communications through official bank channels and check phone numbers.

“Legitimate banks will not request urgent callbacks via email,” he said.