Fraud syndicate steals millions from retirees’ nest eggs

Syndicate bought stolen identification information on the dark web to raid super funds.

cyber crime

A fraud syndicate bought stolen identification information on the dark web to set up bank accounts and allegedly moved almost $2 million from superannuation accounts without their owners being any the wiser.

The Australian Federal Police (AFP) and the Australian Securities and Investments Commission (ASIC) have revealed they had been investigating the multi-layered cybercrime activity for more than 12 months as part of the Government’s Serious Financial Crime Taskforce (SFCT).

A 21-year-old Melbourne woman has appeared in the Melbourne Magistrates’ Court charged with 53 counts of conspiring to cause unauthorised access and modification of data, conspiring to obtain property by deception and dealing in personal identification and financial information. It is alleged that more than $2 million was moved and that investigations are ongoing.

ASIC and the AFP allege the woman worked as part of a syndicate that used fraudulently obtained identities to commit large-scale online fraud.

ASIC said in a statement it will allege the syndicate used stolen identity information bought from dark net marketplaces, together with single use telephone SIM cards and fake email accounts, to undertake an “identity takeover”.

These identities, fraudulently created to mimic real individuals who unknowingly had their identities compromised, were then used to open at least 70 bank accounts at various Australian banking institutions.

Once the false identities and accounts were established, ASIC and the AFP allege the syndicate committed cybercrime offences to illegally steal money from victims’ superannuation and share-trading accounts.

ASIC and the AFP allege the syndicate laundered the stolen funds through an overseas contact to buy untraceable assets such as jewellery. It is believed the money was then transferred back to Australia through crypto currencies.

ASIC says investigations are continuing to identify the number of affected victims and the scale of the alleged fraud, though it is expected to be worth millions of dollars.

AFP manager of cyber crime operations acting commander Chris Goldsmid said the consequences of the breaches were far reaching.

“To put it simply, criminals have been attempting to steal retirement nest eggs from people around Australia using the dark net and crypto currencies,” he said at a news conference.

“The woman created Australian bank accounts using stolen identities, through identity documents stolen from online marketplaces on the dark net … a process we call ‘an identity takeover’.”

ASIC deputy chair Daniel Crennan, QC, said the case highlighted the challenging era of the digitalisation of the criminal economy.

“Cybersecurity threats such as data breaches and financial system attacks are a major concern for ASIC and we will continue to pursue not only cyber-related market and superannuation offending but also the need for institutions to maintain their obligations to ensure they have adequate cyber resilience,” he said.

Investigations into the syndicate are continuing, and further arrests and charges have not been ruled out.

For more information on identity crime, including how to protect your identity and where to go for help if you think your identity has been compromised, visit ASIC’s Moneysmart Identity Fraud page.

If you believe you may have been a victim of cybercrime, you can report this through the Australian Cyber Security Centre’s Report Cyber portal. The website also includes advice on emerging cyber threats and how to protect yourself online.

Have you checked your accounts? Do you believe you are sufficiently informed to stay ahead of cybercriminals?

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    Fisherman
    19th Sep 2019
    11:20am
    When I saw the Headline, I thought the government had found another way to give savers a haircut on their bank account savings. The scumbags just agreed to pass legislation to limit the amount of cash transactions to $10,000, with regulations associated with the legislation to allow the amount to be altered without the need for parliamentary approval. Do they really get it yet, why we don't trust our politicians?
    Rosret
    19th Sep 2019
    11:24am
    They did?
    What if you want to buy a house or something with the superannuation money?
    TREBOR
    19th Sep 2019
    12:39pm
    My first thought, too, Fisherman... and definitely time they learned to get their hands off our cash and assets - they're all bought and paid for post-income tax.... government has NO business with them in any way.

    It could be argued that the way some accumulate assets is sneaky and immoral - that's something the government should be concentrating on - and not on forever designing ways to rob those who've worked for their assets etc.

    Asset free pension - if you have arguments over home value etc, go search it all out and see where the cash came from... how many Cabramatta/Lakemba drug dealers etc own a string of houses now and have children set fair to rule this nation one day due to cashed-up privilege ... who oversees such untaxed income etc?

    Plenty of work there for the ATO and AFP - and legislators, in setting up the framework in which such things can be reviewed. How exactly does someone with no visible means of support buy house after house? Does anyone ever check?
    KSS
    19th Sep 2019
    12:44pm
    More unnecessary hyperventilating. Transactions over $10,000 have been tracked for decades. This new ruling only affects cash transactions in order to remove the possibility of money laundering. There are very few people who would pay for a house with an Aldi shopping bag full of cash. This transaction will be unaffected as would buying a car for example.
    TREBOR
    19th Sep 2019
    1:29pm
    Hmm - how does tracking money affect the ALDI bag form of delivery... ten withdrawals of $9,999 and Uncle Chen is your Daddy!!

    Exchange sen at the airport.... who queries?
    MICK
    19th Sep 2019
    2:15pm
    Trusting politicians is on a scale with the coal industry. Trust neither!
    Rosret
    19th Sep 2019
    4:21pm
    OK my understanding of "cash" is any form of actual money transaction. I wouldn't know how to get banknotes and coins from a superannuation account.
    Greg
    22nd Sep 2019
    12:16pm
    Rosret - cash in this instance is CASH, actual notes in your hand.
    Greg
    22nd Sep 2019
    12:19pm
    TREBOR - It's not only transactions of $10,000 or more, multiple transactions too can be reported, like the 10 x $9,999 or ANY suspect transactions can be reported.
    Rosret
    19th Sep 2019
    11:22am
    Question. If I go online to check my superannuation is that going to put me at a higher risk? How did they get password data etc because my superfund make it quite difficult to withdraw from the account.
    Sundays
    19th Sep 2019
    12:11pm
    Unfortunately mine wants certified copies of identity docs the first time you make a withdrawal. After that its just an online form. Money in my account within 3 days. Convenient for me but it is a risk if I was hacked. I do check balance monthly though
    Arvo
    19th Sep 2019
    3:58pm
    If they don't verify certified copies, they are useless and it's no wonder thieves get into super accounts. I would think that where thieves got into your super a/c the Superannuation Management should be liable and culpable for complicity in the crime be it due to the manager's incompetence and gross ignorance of duty of diligence.
    Changes in personal details on superannuation accounts and bank details should not be accepted without proper verification. Passwords to financial accounts should not be kept in browser memory manager, you should keep them written in a secure safe place at home. You should also clear the browser history of your website visits daily.
    TREBOR
    19th Sep 2019
    12:33pm
    a. Usual Suspects?
    b. Women bringing a different perspective to the thieving game?
    c. Bastards - they beat the government to the money.......
    GrayComputing
    19th Sep 2019
    12:33pm
    FIRST: There no 100% secure computer hardware systems anywhere in the world.
    SECOND: There is no 100% secure computer software (OS and apps) anywhere in the world.
    Sadly most governments and agencies are all too keen on having big brother collection systems locally and spying in other countries so they do no want us to have to have 100%secure computer systems or phones.
    Even the NSA got hacked. Our own parliament gets hacked via Sysco routers
    In the name of "security" for over 40 years agencies world wide wanted and managed often to put backdoors (special entry points to bypass any computer security into our computers routers, home devices, security cameras, TVs and even toys.
    The is most stupid idea ever based on the premise that the enemy and hackers will not find these backdoors that allow total access to all your PC, phone and corporate date.
    Partial Solution: Put some legal DATA encryption package on your PC to help protect it better. Back up your computer and phones often.
    KSS
    19th Sep 2019
    12:39pm
    Another reason to check accounts regularly and change access passwords frequently.
    casey
    19th Sep 2019
    1:38pm
    KSS I check my accounts every week on a Friday and make a note of my standing. However as far as passwords go, we have so many things which require a password nowdays that when I do change them its a problem to remember unless I write it down somewhere, which can create more problems,
    Arvo
    19th Sep 2019
    4:06pm
    casey- You should change your checking of accounts to daily instead of once a week. This will give the security manager of your financial institution a better, efficient chance of tracing how, when and where your money has disappeared to.
    Rosret
    19th Sep 2019
    4:28pm
    Arvo every time I do an online banking transaction being hacked crosses my mind. Checking daily is going to vastly increase the odds of someone hacking my details unless the password is frequently changed as well.

    After all, Google and Microsoft know absolutely everything we type.
    MICK
    19th Sep 2019
    2:27pm
    An issue I have seen evolving recently is institutions of all manner DEMANDING very personal information. We recently had this in an overseas funds transfer for the institution to transfer funds into our bank account, which was in the same country and had been long established. They demanded driver's licenses and a copy of our passports. That's pretty well enough information for identity theft and they cared not about this when it was put to them.
    All it takes is one crooked employee onselling your data to the dark web and you are done.

    Whilst I disagree with biometrics I can see the benefits. Unfortunately there is a possible downside for this as well and our ignorant and disinterested politicians will not care as they look the other way or head off to a long lunch.


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles