NewsBite

Exclusive

Australian tip-off leads police to phishing mastermind in the Ukraine

A tip-off from the AFP has led police to arrest a cyber mastermind whose malicious software was allegedly behind more than half of all phishing scams in Australia in 2019.

Ava Benny-MorrisonAva Benny-MorrisonCrime Reporter
@avabmorrison
less than 2 min read
February 13, 2021 - 9:28PM
The Sunday Telegraph
How to detect and avoid online scams

A hacker behind one of the world’s largest online phishing scams has been arrested in the Ukraine following a tip-off from Australian police

The 31-year-old mastermind and his cyberattack software, Universal Admin (U-Admin), were allegedly behind more than half of all phishing scams in Australia in 2019.

Police arrest the 31-year-old man in the Ukraine. Picture: National Police of Ukraine
Police arrest the 31-year-old man in the Ukraine. Picture: National Police of Ukraine

It is estimated phishing scams cost Australians more than $3 million in the past two years.

The arrest will be a major blow for cybercriminals, who will be reluctant to use the popular hacking software if police have infiltrated it.

“In this case, we allege that this developer not only developed the phishing kit but was also using the tool to do his own phishing campaign,” Australian Federal Police commander cybercrime operations Chris Goldsmid said.

The software has also been used in Italy, Chile, Switzerland and the UK.

The AFP started an investigation into a series of phishing scams in late-2018 following reports from several banks that were targeted.

The scam used the software U-Admin phishing kit to steal user bank login details and redirect outgoing transactions into the hands of hackers.

Police at the arrest scene. Picture: National Police of Ukraine
Police at the arrest scene. Picture: National Police of Ukraine

Unsuspecting bank customers would receive a text ­message requesting them to press on a hyperlink and provide log-in details.

“We are talking about thousands of texts sent to everyday Australians,” Mr Goldsmid said. “The phishing texts were disguised to trick people into clicking links that took them to malicious websites to enter their details.”

Unbeknown to the customers, they were directed to replica banking websites that allowed cybercriminals to gain control of their accounts.

The software also allowed hackers to intercept the multi- factor authentication that was designed to protect banking customers from cybercrimes in the first place.

The Ukrainian man also allegedly conducted demonstrations on the DarkNet on how to use his malicious software and offered technical support.

According to the AFP, the phishing kit has been used to steal tens of millions of dollars from 11 countries.

The AFP handed over its ­investigation to the FBI and the National Police of Ukraine, which led to the arrest in the city of Ternopil earlier this month.

The take-down of the U-Admin developer would “break the trust” people had in using his phishing kit, Mr Goldsmid said.

Phishing scams have skyrocketed in Australia in recent years, with 44,000 reports made last year alone, according to Scamwatch.

More related stories

Original URL: https://www.dailytelegraph.com.au/truecrimeaustralia/police-courts/australian-tipoff-leads-police-to-phishing-mastermind-in-the-ukraine/news-story/f7b78fffb0e5279d8022d01903f15e21