Australians fleeced of $98 million as the AFP return $45m to those duped by email scams
Aussie mum and dad businesses are targeted by criminal gangs who see them as an “easy payday” that costs on average $64,000 per scam. But you can fight back – see how.
Hacking
Don't miss out on the headlines from Hacking. Followed categories will be added to My News.
Exclusive: Criminal gangs are recruiting cyber sleuths with highly-technical skills to target Australian ‘mum and dad’ businesses whom they see as an “easy payday”.
One of the main ways fraudsters are stealing money is by cracking into people’s email accounts and then altering the bank account details on real invoices.
On average businesses lose $64,000 per scam.
Cyber criminal networks based in Africa and Eastern Europe are behind the online scams, as well as local fraudsters and gangs.
“Cybercrime is the break-in of the 21st Century,’’ the AFP’s Cybercrime Operations Commander Chris Goldsmid said.
“And for many in the community it is reimagining what a crime scene looks like.”
He said there was a rising demand for cyber criminals.
“They have highly technical skills and provide their services to other criminals,” Commander Goldsmid said.
Latest figures show Australian businesses were fleeced of more than $98 million in 2021 – 2022, with the Australian Federal Police on Sunday launching a campaign to help victims identify fraudulent activity as well as what they can do to help get their money back.
Watch our video above to see how fake email scams work.
As well as fake invoices, crooks are also impersonating employees, using compromised email accounts to initiate a fraudulent business transaction, redirect payment of their individual salary or trick employees into revealing sensitive business information.
Despite the increasingly sophisticated cybercrime networks, the AFP alongside its crime fighting partners – under Operation Dolos – have managed to return $45m of stolen money back to businesses in the past three years, sometimes with just seconds to spare before funds are transferred out of the country.
In May, Victorian police contacted the AFP after $814,000 property settlement funds were
redirected to another bank account. The account was blocked and $505,000 was recovered. Another $100,000 was recovered despite being transferred to two other banks.
Commander Goldsmid said if businesses want to get their money back, they need to act fast, with criminals moving the stolen funds out of the country into offshore accounts as soon as possible, or changing it into cryptocurrency.
The money is often laundered by ‘money mules’, who knowingly, or sometimes are tricked, into allowing ill gotten funds to go through their bank accounts.
Watch the video below to learn how money muling works.
In February, 31-year-old Annelise Sunderland, from Sydney, admitted sending a fake email which almost saw a Canberra new homebuyer defrauded of $1m.
The money was transferred into a bank account belonging to Sunderland, who police said was akin to a “money mule” and operated on behalf of unknown criminals involved in large scale internet fraud.
She received a 20-month intensive corrections order.
Commander Goldsmid said businesses who have been successful in regaining their stolen money generally alerted the police via ReportCyber and their bank within 24 hours.
He said all businesses were at risk, from big corporations to the fish and chip shop on the corner, with some smaller ones going under due to the theft of such large sums.
“Businesses, especially mum-and-dad businesses, are the engine room of Australia.
“Business owners work hard and the AFP is working hard to protect them from the cyber criminals looking for an easy payday.”
Commander Goldsmid said one way to stop this crime in its tracks is to call and check bank account numbers before making large transfers.
Other advice is not to open links or attachments in suspicious emails or from people you don’t know and train your employees to recognise potential phishing emails.
The AFP has released tips and information about: business email compromise; ransomware/extortion; remote access scams; malicious software; botnets; key loggers; viruses and worms; online shopping scams; remote access trojans and, money muling.
If you have been a victim of cybercrime report it immediately to Cyber.gov.au/report and your bank.
HOW TO PROTECT YOUR BUSINESS AND ACCOUNTS:
1. Don’t open links or attachments in suspicious emails or from people you don’t know and
train your employees to recognise potential phishing emails.
2. Limit levels of access within your business to minimise risk and ensure access is revoked
when employees change roles or leave the business.
3. Move away from simple passwords and consider using multifactor authentication and
strong passphrases.
4. Always confirm account details prior to making any transaction.
Source: AFP
More Coverage
Originally published as Australians fleeced of $98 million as the AFP return $45m to those duped by email scams
Join the conversation
Trump campaign confirms it was hacked
Donald Trump’s campaign has blamed Iran for breaking into its data after a media outlet received documents from inside the campaign operation.
Read more
Scammer swindles $900k from small business
There’s a disturbing trend of sophisticated scams swindling huge sums of money from honest Aussies, with the latest steal involving genuine-seeming invoices.
Read more