The Australian Federal Police (AFP) have charged four individuals of an alleged cyber-crime syndicate, claiming that the group laundered $1.7 million in stolen cash from victims in Australia and overseas. The AFP also claims that the syndicate was responsible for over 15 cyber-crime incidents between January 2020 and March 2023, allegedly using stolen identities to set up more than 80 bank accounts and transfer the money out of Australia.
The investigation began in October 2021 after an Indonesian business fell victim to a business email compromise (BEC) attack. During the search, investigators seized fake passports, international driver’s licences, luxury handbags and digital devices.
On 23 March, 2023, AFP investigators executed five search warrants across Queensland, Victoria and South Australia. They’ve identified two women from Brisbane, a man from Melbourne and a man from Adelaide who were allegedly responsible for laundering the proceeds from cyber fraud.
The AFP says the group used a range of cyber-crime tactics, including BEC attacks, Facebook Marketplace scams and fraudulent superannuation investments, along with operating around 180 bank accounts to facilitate the theft and then launder profits. Individual losses ranged from $2500 to almost $500,000.
The group allegedly laundered about $1.1 million to bank accounts in South Africa, working with associates who sourced legitimate identity documents and altered the photographs and birth dates so that Australian syndicate members could use them. The majority of the documents belonged to victims in South Africa, some of whom were Australian citizens.
Commander Cybercrime Operations Chris Goldsmid of the AFP said cyber-crimes were increasing – a claim backed by extensive evidence – and that BEC attacks were of particular concern.
“Business email compromise has become a particularly prominent cyber threat, which is why the AFP, through Operation Dolos, remains focussed on protecting Australians who are being targeted in these attacks.
“Australians reported losses of more than $98 million to business email compromise attacks in the past year alone, with an average loss of $64,000 per reported incident.”
Goldsmid urged individuals and businesses to remain hyper-vigilant when conducting online transactions.
According to the AFP, at least some of the alleged crimes happened through BEC attacks, which are indeed common in Australia and worldwide (example: the International Cricket Council recently lost millions to BEC). These attacks rely on email to trick targets into making fraudulent payments or giving up sensitive information that can be used to facilitate other cyber-crimes.
When a BEC scam happens, fast action is your best bet in recovering the funds. An incident response plan can help ensure you react swiftly and efficiently.
But, of course, prevention is always better than cure. Regular training reduces your risk of an employee falling victim to a BEC scam, while strong financial controls protect your organisation from making the wrong payments even if an employee does slip up.
Another factor to keep in mind is that identity theft and similar threats might get more sophisticated if scammers can get access to stolen data – for instance, the type of information stolen from cyber incidents like the Optus hack or recent Latitude Financial breach.
The bottom line is that fraudsters are getting craftier, their technological capabilities are expanding and the growing pool of stolen data makes an unfair fight even more unfair. AP staff are rarely specialists in fraud detection, yet are on the frontlines against financially motivated cyber-crime.
You can fight back by staying informed and updating teams on common tactics. Subscribe to get updates on all the latest scams, risks and anti-payment-fraud solutions.
All the news, tactics and scams for finance leaders to know about in February 2024.
All the news, tactics and scams that finance leaders need to know about in January 2024.
All the news, tactics and scams for finance leaders to know about in November 2023.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
