Hacking the hackers: How top cop plans to stop scams
Queensland’s cyber crime team have hatched a plan to start “hacking the hackers” in a bid to stop the staggering number of Queenslanders ripped off by scammers each year. This is what you need to know to stay safe.
Queenslanders have lost a staggering $46 million to scams so far in 2022, with data showing scammers continue to claim tens of thousands of victims each year.
Now, Queensland’s top cyber crime experts have hatched a plan to start “hacking the hackers.”
Senior Detective Sergeant Corey Schmidt has spent most of his career undercover, catching paedophiles online as part of the ARGOS task force.
He was specially selected to reinvent the way police catch scammers and hackers, using his ARGOS knowledge and skill set.
Currently working in Queensland’s Financial and Cyber Crime Intelligence Command, Detective Schmidt has big plans to sniff out scammers by beating them at their own game, while revealing to The Courier-Mail exactly how scams work and what people can do to avoid them.
How scams work
Mr Schmidt says scammers work in tiered groups, each controlling different steps of the scam process.
“You normally have a team of cold callers and they will literally just be picking random numbers and calling and calling and calling,” Mr Schmidt said.
“And once they get a hook, someone who might say ‘oh I don't know much about computers, but I’ll do whatever you say,’ they think, this guy believes us, we’re on.
“Then they go all right, I’m going to transfer you through to so and so and that will go to another team, and then these guys are the real targeted scammers that are all over the scam and know all about this game.”
Mr Schmidt’s team mainly focuses on scam detection and money laundering, with some Australians completely unaware that stolen funds are being washed through their accounts.
“The scammers will have an account set up based upon the type of scam, sometimes a mutual account that they're using to pool the money in depending on if it’s a small, if they’re only asking for say, $1000,” Mr Schmidt said.
“This is called a money mule account, which is how the money is laundered and washed.
“Some people own these accounts and may even know money is being funnelled through it and don’t say anything because it’s free money but others genuinely have no idea.
“But if it’s a large amount - and businesses have gone for millions through business compromise emails - they’ll use an account that they know they’ve already been flushing funds through successfully.”
The scammer crack down begins
A majority of Australia’s scam crime is “purposely” committed by people living overseas who know local police are legally bound by their own country’s law, says Mr Schmidt.
To combat this, Queensland’s cyber crime team has started working closely with Australian Federal Police to pass evidence directly onto a scammer’s home country so they can be prosecuted by local authorities.
But Mr Schmidt said international cooperation is still forming and has a long way to go before it’s as effective as the ARGOS global network.
“We don't have any power to say to a service provider in India who owns this IP, who’s a subscriber to this, because they just don’t care, so we gather a little evidence package and send it to the authorities in that country,” he said.
“So what we want to be able to do is to work in a disruption space because, yes I can’t reach India, but with the right legislation, I can wreck his computer lawfully from here.
“That would change that landscape a little bit, put some pressure back on the scammers and push them to reinvent themselves instead of sticking to the same old Nigerian prince scam.
“Imagine if we had the ability, as they're sending us these scam links, I alter one and send it back which locks their computer, and all the meanwhile, their computers responsible for all of that.
“And this badge comes up and it’s like surprise, this is the Queensland Police, and they lose their records and have to reinvest in buying another computer or at least start thinking about who they’re sending these links to.
“It’s just about thinking outside the box of traditional policing.”
Mr Schmidt is now awaiting legislative changes to pass through federal parliament, which will provide his cyber security team with the legal leeway to start aggressively infiltrating scam rings.
“When you go undercover, you have to take out what's called a controlled operation, which is legislative,” he said.
“It has to be for a seven year offence, so if you’re getting bullied on Facebook, for example, I can’t just start going undercover because bullying is not a high level offence, so setting this kind of task force system up to track them down online is hard in the sense of, there’s only certain offences that we can target.
“But there’s a heap of legislative reform in relation to adding offences to schedule to like widen our perspective be able to tag people online that has now gone through the CCC and another being looked at in relation to giving us the power to disrupt.
“Then we’ll be trying to, I guess, hack the hackers.”
Scams to watch out for
According to Mr Schmidt, the biggest challenge Australia is facing when it comes to scams is a lack of public education.
“I don’t know anybody that hasn’t heard about the Nigerian prince who’s got $14 billion, that’s still doing the rounds,” he said.
“And while we giggle, the real answer to why that scam is still around is because it still works, people are passing on their ID because they still fall for it.
“So we need to find ways to educate our older population and people who are not computer literate.”
But it’s people who use the same password for multiple accounts that Mr Schmidt says are most vulnerable to scammers.
“You wouldn’t believe how many people repeatedly use the same password,” he said.
“For instance, there's a deal going at Myers or some local shopping centre, and you just need to set up an account to get a 50 per cent discount, everyone picks their usual password so they don’t forget.
“The problem with that is the bank invests millions into protecting your password and these shopping sites couldn’t give a rat’s a** about the technology they’re using to get you to spend, they just want to give you the voucher so you buy the shoes.
“They’re the ones that get hacked.
“There are people out there and this is their whole job, to hack the easy sites and post those people’s emails and password information on the dark web and other people are just sitting there going through and checking and next minute they’re in your bank.”
Mr Schmidt’s top tip is for people to use both a password manager and two-step verification when signing into their different accounts and social media apps.
He said if more Queenslanders did this, his workload would halve and their risk of being scammed would drop up to 80 per cent.
“If you had a key password, you can just email yourself the little DBK file, which is a little file you can keep your passwords on and have it saved onto your phone and your email, laptop, everywhere you need it so you can access it from anywhere,” he said.
“And two-factor ID should be used in everything, absolutely everything because if you take that small step where it asks you twice to login, doesn't matter what the front end of the scam looks like, the scammer can have that first password but they can’t get through to the next part of the hack.
“It just it takes away 80 per cent of the scams straight away.”
Despite a growing trend of reported scams in Australia and Queensland, Mr Schmidt is hopeful that people will start taking more action to protect their identity and bank accounts, and that a younger, “more computer savvy generation” will soon start making life harder for low-level scammers.
“The next big issue will be crypto, whether we legitimatise that … which is why crypto scams are so big at the moment, because the money can just spread all out and washed,” he said.
“But I think the world is really opening its eyes now to how big a problem scamming actually is because it just bleeds billions of dollars, people are starting to get the idea of hang on we need to this is going to become a massive problem.
“It always leads back to the money.”
Scam stats:
- In 2019, more than 33,000 Queenslanders reported they had experienced a scam, losing more than $27 million in the process.
- The following year, Queenslanders reported roughly 39,000 scams, losing more than $32 million.
- Reporting numbers increased to more than 52,000 scams last year, totalling a $58.5 million loss.
- Already in 2022, Queenslanders have lost a whopping $46 million to scammers, with 23,000 reporting that they’ve been contacted by a scammer between January and July.
The top scams to watch out for:
- Facebook password scams where someone messages you saying a password reset link will be sent to their email
- A message scam where someone asks for a money transfer off someone else’s phone
- A Linkt toll scam asking for users to pay for unpaid toll fares
Schmidt’s tips to avoid scams:
- If an unknown caller rings you, don’t answer with your name, just say hello or G’day and wait for them to identify themselves
- Download a KeyPass (password manager app)
- Use a two-factor identification tool for social media apps and other accounts
- Never open links, especially ones claiming to be sent from banking institutions
- If an organisation is trying to contact you they will do so through the proper channels and will understand if you have not responded due to thinking their message was a scam threat
- Be careful of details given to shopping discount offers or other online website deals as these sites have minimal/cheap security software
- Change ALL passwords if under the impression you’ve been scammed
- Always report scams by calling 1300 292 371, by reporting online, or by visiting your local police station.
If you've received a scam call on a smartphone, go to your history and hit “report” or “report abuse”. This tags the scammer’s number and will notify other smartphone users when that number calls them by saying “Mayce Scam”.