NSW Police Arrest Two Over Illegal $2.6 Million Business Email Ring
The NSW Police force has charged two unidentified men over their alleged involvement with a multi-million-dollar fraudulent email syndicate that was successfully fooling businesses into paying invoices directly to them.
The news comes after the police raided two properties in Sydney last week, where police seized computers, hard drives, phones, drugs, $5000 in Australian currency and $12,400 in US dollars.
Police are alleging that a 29-year-old that was arrested in Zetland is the ring-leader of the group, and will face charges related to directing a criminal group and fraud. NSW Police say that the leader has earnt more than $1.6 million, and was aiming for another million through email scams from mid-2018 to early this year.
Police say that the other man allegedly involved, a 30-year-old who was arrested in Rosebery, was arrested for his connection to handling the proceeds of crime, drug possession and involvement in an illegal cyber syndicate. The NSW Police charged three individuals last year for their connection to the same group being arrested now.
The group was running a number of business email compromise attacks, otherwise known as BEC scams, whereby a hacker will contact the finance department of an organisation and pressure them into paying a fake invoice directly to their bank account. They often masquerade as a legitimate business, with cybercriminals diligently researching who the company may have done business with recently, and will send a spoofed email pretending to be the finance representative of that company.
According to a report from Information Age, BEC scams cost Australian businesses more than $60 million in 2018 alone. Considering that there has been a notable increase in the number and sophistication of these attacks, that number is likely to be significantly larger in 2020. That same report states that “an ice rink in Sydney’s South West fell victim to a BEC scam earlier this year after receiving changed payment details for a new ice resurfacer it was purchasing… The ice rink ended up losing $77,000 into an unknown Hungarian bank account.”
Matthew Craft, Commander of the NSW Cybercrime Squad said that illegal activities like this present “a unique challenge for law enforcement.”
“These arrests are a timely reminder for all individuals and businesses to have strong cyber security measures in place for protection,” he added.
“During this investigation, officers uncovered a criminal network targeting hard-working Australian businesses through a series of sophisticated email scams. Police will allege the [email scam] group stole money from a range of businesses including those in property development, finance, construction and other trades.”
“Victims of cybercrime offences are not limited by state and territory borders and police will allege this syndicate targeted companies right across the country,” he concluded.
With the recent pandemic, cybercriminals are accelerating the rate and aggressiveness of their BEC campaigns,
The NSW Police force just a few weeks ago arrested a man charged with $11 million identity fraud scheme.