A Sydney man has been charged with allegedly dealing with $3.5 million in proceeds of crime after a corporate email was fraudulently used to deceive the Northern Territory Government.
The Lurnea man, 38, appeared before Liverpool Local Court on Thursday (24 July, 2025). He was granted conditional bail and is scheduled to appear before Campbelltown Local Court on 17 September, 2025.
The AFP's investigations began in November, 2024, after a bank reported an alleged business email compromise (BEC) incident, which resulted in $3.5 million being stolen from a government agency.
The majority of the funds were later recovered, however it will be alleged the man did access some of the money.
On 7 November, 2024, the agency had received an email from an individual who they believed to be a contractor from a construction company they were engaged with.
The sender allegedly provided a completed vendor identification form with updated bank details and appeared to carbon-copy email addresses of other individuals from the construction company.
The AFP will allege the man registered a business to closely resemble the legitimate contractor for the government agency and opened a bank account to receive the fraudulently obtained funds.
The government agency then paid $3,583,363 to the fraudulent bank account believing it was linked to the legitimate construction company.
The other email addresses, which purported to be employees of the construction company, were allegedly fraudulently created to make the scam appear legitimate.
Further inquiries into the phone number linked to the vendor identification form allegedly led police to the man.
Police will allege that on multiple occasions, the man withdrew cash from the bank account which contained the diverted funds.
The AFP executed a search warrant at the man's home on 23 July, 2025. Items seized included electronic devices and documentation pertaining to the company incorporated by the accused.
He was charged with one count of dealing with proceeds of crime, money worth $1,000,000 or more, contrary to section 400.3(2) of the Criminal Code (Cth).
The maximum penalty for this offence is 12 years' imprisonment.
AFP Detective Superintendent Marie Andersson said cybercriminals targeted businesses and individuals that made significant or regular payments.
"In the 2023-2024 financial year, business email compromise and fraud were among the most common self-reported cybercrimes for small, medium and large businesses and individuals in Australia*," Det-Supt Andersson said.
"It is crucial to double check emails, particularly if there is a request for a change in banking details. Call the party you are engaged with to confirm the request is legitimate - and use a phone number that you've previously used or independently verified - don't call a number in the suspicious email.
"If you have fallen victim, report it immediately to your bank and the police to give us the best chance of recovering your money.
"As a result of quick action and preventative measures undertaken by the bank involved, $3,571,760 of the allegedly stolen money was recovered."
ANZ Head of Financial Crime Threat Management, Milan Gigovic, , emphasised the bank's dedication to safeguarding both its customers and the broader financial system.
"Business email compromise (BEC) and impersonation fraud are rapidly evolving and sophisticated scams that exploit the trust between businesses, their partners, and customers," Mr Gigovic said.
"In response to this growing threat, ANZ's Financial Crime team is proactively collaborating with industry, government, and law enforcement agencies - including the Australian Federal Police's JPC3 team - to detect and stop these scams before they cause harm.
"Together, we are strengthening our defences, preventing fraudulent payments and protecting Australian businesses."
*Source: Australian Cyber Security Centre Annual Cyber Threat Report 2023-2024.
The Joint Policing Cybercrime Coordination Centre (JPC3) brings together Australian law enforcement and key industry and international partners to fight cybercrime and prevent harm and financial loss to the Australian community.
We are committed to equipping all Australians with the knowledge and resources to protect themselves against cybercrime.
Watch our cybercrime prevention videos and protect yourself from being a victim of cybercrime.
If there is an immediate threat to life or risk of harm, call 000.
If you are a victim of cybercrime, report it to police using Report Cyber.
