The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that had laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023. The group’s activities came to light in October 2021 when an Indonesian business reported losing $100,000 to a business email compromise attack conducted by the arrested individuals.
Two men and two women aged between 26 and 35 were arrested in Brisbane, Melbourne, and Adelaide, and the AFP has released video footage of the arrests.
The investigation revealed that the syndicate was responsible for a range of cybercrime operations, including BEC attacks, scams targeting Facebook Marketplace users, fraudulent superannuation investments, and others. The group laundered the victims’ losses using a massive network of 180 bank accounts, many of which were opened in South African banks using stolen identities. The syndicate allegedly laundered about $1.1 million to bank accounts in South Africa, where they worked with associates who sourced legitimate identity documents and altered photographs and birth dates so Australian syndicate members could use them.
The arrested individuals face charges for money laundering, producing or processing false travel documents, dishonestly obtaining personal financial information, and dealing in proceeds of crime.
Business email compromise attacks are a growing problem in Australia, and in 2022, businesses in the country lost over $98,000,000, with the average loss per reported incident being $64,000.
The AFP urges businesses and individuals to be extra cautious when conducting online transactions and emphasizes the importance of educating oneself on the latest scams and triple-checking transaction details to avoid falling victim to such crimes.
