A phishing attack involving a “malicious email with a voicemail attachment” was sent to more than 1300 staff members at the Department of Agriculture and Fisheries (DAF) on Friday, which prompted staff to log back in after hours and change their passwords.

A department spokesman said security protocols and concerned staff flagged the suspicious activity to the IT team who took “immediate action” which involved contacting any staff who were impacted.

So far, the department hasn’t found the system to be compromised at all and no staff members had entered details into the phishing link.

“Although no further activity was detected over the weekend and the ongoing risk is assessed as low, the situation will continue to be investigated and monitored,” the spokesman said.

“DAF conducts regular staff training exercises to raise awareness of the dangers of phishing attacks and has in place well established protocols to address cyber-attacks.”

Cyber Security expert at Griffith University Dr David Tuffley said the email appeared to be a standard phishing attack which could have resulted in a data breach if staff engaged with it.

“If they clicked on the link then it almost certainly would’ve installed a Malware onto their computer which would’ve recorded their log in details,” he said.

“Their log in would’ve been captured and someone would then have access to the government system and network. They can then access private data and interfere with it, if they don’t download it they could corrupt it.”

A spokesman for the state Department of Communities, Housing and Digital Economy – in which the Cyber Security Unit sits – said a number of government agencies have reported “increased levels” of phishing emails in the past fortnight.

“In instances like this, new threats are analysed and blocked and Queensland Government agencies are alerted with detailed information to enhance their ability to prevent and detect similar threats,” he said.

The spokesman said phishing attempts are common across private and public sector agencies and are not believed to be targeted specifically towards the government.

There are a range of security and process controls set to avoid or limit these types of attacks in government agencies including multi-factor authentication and user awareness training.

Dr Tuffley said cyber scams were getting more sophisticated and more common throughout the years.

“As I understand the emails that get used for these sorts of attempts can be purchased from the dark web for a sum of money. Basically you can buy email addresses, and it’s a criminal act, but you can then send an email to all of them at once,” he said.

“We’re seeing more and more of it and that’s the worrying thing … If one source is shut down, an alternate source will turn up the next day, it’s like a game of whack a mole. That’s the nature of cyber hacking these days.”