cfo-au logo
Story image

AFP arrests two men with ties to Australian SMS phishing scheme

29 Sep 2020

Two men have been arrested and charged with a string of offences for their roles in a ‘sophisticated’ SMS phishing scheme that conned Australians out of their money – and their identities.

Australian Federal Police (AFP) busted the two men, aged 50 and 36 respectively, for their alleged involvement in an Australian-based fraud syndicate.

The arrests are the result of an AFP Cybercrime Operations investigation, dubbed Operation Genmaicha, which spanned more than a year. The operation tracked the movements of a group said to be involved in fraud and phishing attacks against Australian financial institutions and their customers.

They uncovered nine ‘SIM boxes’ which they believed to be the source of the phishing attacks. These were allegedly used to send texts disguised as communications from banks and telecommunications firms. The texts asked people to provide personal and account information.

AFP conducted raids on two properties in Sydney, where they found the nine SIM boxes, hundreds of SIM cards, and multiple electronic devices, including mobile phones, laptops and hard drives, as well as fake IDs, $50,000 in a safe, a money counter, drugs, and drug paraphernalia.

AFP also allege that the SIM boxes were used to send more than 10,000 messages in a specific two week period. 45 customers from a single bank reported that they had fell victim to the phishing attempts. In one case, one bank customer lost $30,000 to the fraud.

Additionally, one telecommunications provider reported more than 49,000 messages that were sent to its customers in a single one-week period.

“Further investigations remain ongoing with financial industry partners to determine the exact extent of the fraudulent activity,” a state from AFP says.

AFP Commander Cybercrime Operations, Chris Goldsmid, says it was extremely sophisticated fraud operation.

“This fraud syndicate had absolutely no regard for the hardworking Australians they stole from, victims who may be struggling since the bushfires and COVID-19 hit the nation.”

“The success of Operation Genmaicha has prevented further Australians from seeing their hard-earned savings siphoned off to criminal entities.”

One man has been charged with several offences, including eight counts of false of misleading information, one count of using a telecommunications network to commit a serious offence, one count of dealing in identification information using a carriage service, one count of dishonestly obtaining or dealing in financial information, one count of dealing with property reasonably suspected of being proceeds in crime, and one count of possession of prohibited drugs. The other man is facing similar charges.

NSW Police Force Cybercrime Squad commander, detective superintendent Matthew Craft, comments “The ability of offenders to adapt technology for all the wrong reasons is a growing issue; however, police are equally up to the task of detecting and investigating these criminal syndicates.”

“This technology, while not frequently encountered by law enforcement, was on this occasion successfully deployed against victims as part of this SMS phishing scam.

“These types of scams become somewhat redundant when the community heeds the advice to never provide confidential personal information to people you don’t know and can’t identify. Legitimate businesses will never call or SMS customers seeking confidential information. Always be suspicious when you receive such requests.”

The AFP worked closely with Westpac, Commonwealth Bank of Australia, ANZ and TPG Telecom among others providing significant assistance throughout Operation Genmaicha. They continue to work together to uncover the full extent of the fraud.