Australian Federal Police investigators have charged a 38-year-old Sydney man for stealing more than $100,000 in an illegal SMS phishing scam.
The AFP arrested the man at a premises near his home in the Sydney suburb of Ryde on Wednesday, 24 November 2021, and charged him over the alleged theft of more than $100,000 from the banks and telecommunications accounts of more than 450 victims.
The 38-year-old was refused bail and remanded in custody to next appear at Hornsby Local Court on 20 January 2021, charged with three offences.
Phishing is the fraudulent practice of sending SMS and emails claiming to be from reputable companies (such as banks or phone providers) to try and convince victims to reveal personal information, such as passwords and credit card numbers.
The investigation began in September 2021, when the AFP obtained information about suspicious website registrations suspected of being used to phish customers of Australian telecommunications providers and financial institutions.
It will be alleged the man used these webpages to lure Australian victims to enter their personal information, which he would subsequently use to access their telephone accounts, bank accounts and create new accounts without their knowledge.
Police will allege this particular scam started in 2018 and targeted customers of the Commonwealth Bank of Australia, National Australia Bank and Telstra, among others.
The AFP has worked with Commonwealth Bank of Australia, National Australia Bank and Telstra to identify victims who had entered information into these phony webpages. The companies placed additional security protocols on those account holders, helping prevent more than $4 million from being stolen from the accounts of another 16,000 Australians.
Investigators have so far allegedly linked the man to more than $100,000 taken from the accounts of 450 people. Enquiries are continuing to determine the full extent of this fraud.
AFP officers charged the man on Wednesday (24 November 2021) after executing a search warrant at his home in Ryde in conjunction with NSW Police Cybercrime Squad, where they seized drug paraphernalia, multiple sim cards, bank cards, electronic devices, mobile telephones and storage devices. These devices will now be the subject of further forensic examination.
Following a second search warrant executed by the AFP at a hotel in the Sydney CBD, a 36-year-old man was arrested and charged by NSW Police. The man was scheduled to appear before Central Local Court on 25 November 2021, charged with dishonestly obtain financial advantage by deception and possess identification information to commit, facilitate commission of an indictable offence, contrary to the Crimes Act 1900.
AFP Commander Cybercrime Operations Chris Goldsmid said scammers will use any tools they can to exploit people. The internet and other new technologies provide opportunities to remotely access more potential victims.
“The AFP is responsible for preventing, disrupting and investigating cybercrime offences with significant impact on the Australian economy,” Commander Goldsmid said.
“We encourage people to protect themselves against phishing scams by carefully reviewing emails or SMSs before clicking on any links. Anyone who believes they have been a victim of a phishing scam, or who sees anomalies in their banking transactions should contact their bank and also report the matter via Report Cyber at cyber.gov.au.”
The 38-year-old has been charged by the AFP with:
- Unauthorised access, modification or impairment with intent to commit a serious offence, contrary to section 477.1 of the Criminal Code (Cth);
- Producing, supplying or obtaining data with intent to commit a computer offence, contrary to section 478.4 of the Criminal Code (Cth); and
- Deal in proceeds of crime worth AUD100,000 or more, contrary to section 400.4(1) of the Criminal Code (Cth).
The maximum penalty for these offences is three years’ imprisonment, three years’ imprisonment and 20 years’ imprisonment, respectively.