A fraud syndicate bought stolen identification information on the dark web to set up bank accounts and allegedly moved almost $2 million from superannuation accounts without their owners being any the wiser.
The Australian Federal Police (AFP) and the Australian Securities and Investments Commission (ASIC) have revealed they had been investigating the multi-layered cybercrime activity for more than 12 months as part of the Government’s Serious Financial Crime Taskforce (SFCT).
A 21-year-old Melbourne woman has appeared in the Melbourne Magistrates’ Court charged with 53 counts of conspiring to cause unauthorised access and modification of data, conspiring to obtain property by deception and dealing in personal identification and financial information. It is alleged that more than $2 million was moved and that investigations are ongoing.
ASIC and the AFP allege the woman worked as part of a syndicate that used fraudulently obtained identities to commit large-scale online fraud.
ASIC said in a statement it will allege the syndicate used stolen identity information bought from dark net marketplaces, together with single use telephone SIM cards and fake email accounts, to undertake an “identity takeover”.
These identities, fraudulently created to mimic real individuals who unknowingly had their identities compromised, were then used to open at least 70 bank accounts at various Australian banking institutions.
Once the false identities and accounts were established, ASIC and the AFP allege the syndicate committed cybercrime offences to illegally steal money from victims’ superannuation and share-trading accounts.
ASIC and the AFP allege the syndicate laundered the stolen funds through an overseas contact to buy untraceable assets such as jewellery. It is believed the money was then transferred back to Australia through crypto currencies.
ASIC says investigations are continuing to identify the number of affected victims and the scale of the alleged fraud, though it is expected to be worth millions of dollars.
AFP manager of cyber crime operations acting commander Chris Goldsmid said the consequences of the breaches were far reaching.
“To put it simply, criminals have been attempting to steal retirement nest eggs from people around Australia using the dark net and crypto currencies,” he said at a news conference.
“The woman created Australian bank accounts using stolen identities, through identity documents stolen from online marketplaces on the dark net … a process we call ‘an identity takeover’.”
ASIC deputy chair Daniel Crennan, QC, said the case highlighted the challenging era of the digitalisation of the criminal economy.
“Cybersecurity threats such as data breaches and financial system attacks are a major concern for ASIC and we will continue to pursue not only cyber-related market and superannuation offending but also the need for institutions to maintain their obligations to ensure they have adequate cyber resilience,” he said.
Investigations into the syndicate are continuing, and further arrests and charges have not been ruled out.
For more information on identity crime, including how to protect your identity and where to go for help if you think your identity has been compromised, visit ASIC’s Moneysmart Identity Fraud page.
If you believe you may have been a victim of cybercrime, you can report this through the Australian Cyber Security Centre’s Report Cyber portal. The website also includes advice on emerging cyber threats and how to protect yourself online.
Have you checked your accounts? Do you believe you are sufficiently informed to stay ahead of cybercriminals?
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.