NewsBite

Exclusive

Australians fleeced of $98 million as the AFP return $45m to those duped by email scams

Aussie mum and dad businesses are targeted by criminal gangs who see them as an “easy payday” that costs on average $64,000 per scam. But you can fight back – see how.

Business Email Compromised explained

Exclusive: Criminal gangs are recruiting cyber sleuths with highly-technical skills to target Australian ‘mum and dad’ businesses whom they see as an “easy payday”.

One of the main ways fraudsters are stealing money is by cracking into people’s email accounts and then altering the bank account details on real invoices.

On average businesses lose $64,000 per scam.

Cyber criminal networks based in Africa and Eastern Europe are behind the online scams, as well as local fraudsters and gangs.

“Cybercrime is the break-in of the 21st Century,’’ the AFP’s Cybercrime Operations Commander Chris Goldsmid said.

“And for many in the community it is reimagining what a crime scene looks like.”

He said there was a rising demand for cyber criminals.

“They have highly technical skills and provide their services to other criminals,” Commander Goldsmid said.

Latest figures show Australian businesses were fleeced of more than $98 million in 2021 – 2022, with the Australian Federal Police on Sunday launching a campaign to help victims identify fraudulent activity as well as what they can do to help get their money back.

Watch our video above to see how fake email scams work.

AFP Commander Cybercrime Operations Chris Goldsmid. Picture: Supplied
AFP Commander Cybercrime Operations Chris Goldsmid. Picture: Supplied

As well as fake invoices, crooks are also impersonating employees, using compromised email accounts to initiate a fraudulent business transaction, redirect payment of their individual salary or trick employees into revealing sensitive business information.

Despite the increasingly sophisticated cybercrime networks, the AFP alongside its crime fighting partners – under Operation Dolos – have managed to return $45m of stolen money back to businesses in the past three years, sometimes with just seconds to spare before funds are transferred out of the country.

In May, Victorian police contacted the AFP after $814,000 property settlement funds were

redirected to another bank account. The account was blocked and $505,000 was recovered. Another $100,000 was recovered despite being transferred to two other banks.

Commander Goldsmid said if businesses want to get their money back, they need to act fast, with criminals moving the stolen funds out of the country into offshore accounts as soon as possible, or changing it into cryptocurrency.

The money is often laundered by ‘money mules’, who knowingly, or sometimes are tricked, into allowing ill gotten funds to go through their bank accounts.

Watch the video below to learn how money muling works.

Money Muling explained

In February, 31-year-old Annelise Sunderland, from Sydney, admitted sending a fake email which almost saw a Canberra new homebuyer defrauded of $1m.

The money was transferred into a bank account belonging to Sunderland, who police said was akin to a “money mule” and operated on behalf of unknown criminals involved in large scale internet fraud.

Annelise Sunderland as she left Parramatta court. Picture: John Grainger
Annelise Sunderland as she left Parramatta court. Picture: John Grainger

She received a 20-month intensive corrections order.

Commander Goldsmid said businesses who have been successful in regaining their stolen money generally alerted the police via ReportCyber and their bank within 24 hours.

He said all businesses were at risk, from big corporations to the fish and chip shop on the corner, with some smaller ones going under due to the theft of such large sums.

“Businesses, especially mum-and-dad businesses, are the engine room of Australia.

“Business owners work hard and the AFP is working hard to protect them from the cyber criminals looking for an easy payday.”

Commander Goldsmid said one way to stop this crime in its tracks is to call and check bank account numbers before making large transfers.

Other advice is not to open links or attachments in suspicious emails or from people you don’t know and train your employees to recognise potential phishing emails.

The AFP has released tips and information about: business email compromise; ransomware/extortion; remote access scams; malicious software; botnets; key loggers; viruses and worms; online shopping scams; remote access trojans and, money muling.

If you have been a victim of cybercrime report it immediately to Cyber.gov.au/report and your bank.

HOW TO PROTECT YOUR BUSINESS AND ACCOUNTS:

1. Don’t open links or attachments in suspicious emails or from people you don’t know and

train your employees to recognise potential phishing emails.

2. Limit levels of access within your business to minimise risk and ensure access is revoked

when employees change roles or leave the business.

3. Move away from simple passwords and consider using multifactor authentication and

strong passphrases.

4. Always confirm account details prior to making any transaction.

Source: AFP

Originally published as Australians fleeced of $98 million as the AFP return $45m to those duped by email scams

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.ntnews.com.au/technology/online/australians-fleeced-of-98-million-as-the-afp-return-45m-to-those-duped-by-email-scams/news-story/dd68a5f463b074c8d0d3594256a7c8f3