Police recover $777,000 of a victim’s funds stolen in BEC scam
Editor's note: Infographic explainer of the case study and TV grabs of AFP Senior Cybercrime Analyst Carolyne Burge and South Australia Police Detective Sergeant Martin Burke available via Hightail.
Police have recovered $777,000 stolen in a Business Email Compromise (BEC) scam after the victim sought help quickly – highlighting the importance of reporting cybercrimes to authorities as soon as possible.
As part of Cyber Security Awareness Month, which starts today (1 October, 2024), the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) is sharing how Australians commonly become victims of BEC scams and how they can protect themselves by setting up multi-factor authentication (MFA) and checking the accuracy of email addresses.
In this highlighted case, cybercriminals created a fake email address with one letter different to the legitimate business email to deceive a South Australian woman into unknowingly sending $813,000 to criminals.
Following an investigation by the JPC3, international law enforcement partners and multiple financial institutions, authorities were able to return $777,000 to the woman earlier this year (March, 2024) - representing about 96 per cent of the funds stolen.
In May, 2023, the woman had notified her bank and police through ReportCyber at cyber.gov.au two days after she had transferred $813,000 to a fraudulent bank account instead of a legitimate conveyancer's account as part of the purchase of a new home.
She was targeted by a BEC, a fraud technique used to deceive victims into unknowingly transferring funds to financial accounts controlled by criminals.
Under the multiagency taskforce Operation DOLOS, JPC3 worked closely with state and territory police and multiple financial institutions to freeze the scammer's fraudulent bank account and retrieve $505,000 of the victim's stolen funds before the money was transferred further.
Police identified that nearly $300,000 of the victim's stolen funds had already been transferred into cryptocurrency via a fraudulent Digital Currency Exchange (DCE) account.
The JPC3 then collaborated with international law enforcement partner, the Pakistani National Response Centre for Cyber Crime (NR3C) and global cryptocurrency exchange Binance, to freeze the fraudulent DCE account and retrieve $272,000 of that $300,000.
The NR3C identified a Pakistani national as a suspected money mule, alleging he opened the account in his name for other criminals to use to launder illicit funds.
The investigation, involving Australian and international law enforcement agencies, into the criminal group behind this fraud is ongoing.
AFP Detective Acting Superintendent Darryl Parrish said BEC scams were increasingly complex and criminals either hacked into, or created near identical, business email accounts to manipulate financial transactions.
"Cybercriminals commonly target businesses and individuals making significant payments, like property transactions, in an attempt to divert victim's funds to a fraudulent account," he said.
"In many cases, cybercriminals gain access to a business' email account, altering banking details and sending the new details to clients who unknowingly transfer funds to criminals.
"Businesses can prevent cybercriminals from accessing their online accounts by setting up multi-factor authentication (MFA) to add an extra layer of security, making it harder for criminals to get in.
"In other cases, like this one, the criminal had created a fake email address that looked like the legitimate business email. It is crucial for people to double-check emails, particularly email addresses and banking details, to avoid becoming victims of BEC scams."
According to the Australian Cyber Security Centre (ACSC), self-reported BEC losses amounted to almost $80 million during 2022-2023. On average, the financial loss from each BEC incident was more than $39,000, impacting both individuals and small-to-medium businesses.
Det. A/Supt. Parrish said the case highlighted the global nature of cybercrime, and the importance of offshore and domestic law enforcement partners working closely together to tackle and disrupt scams from every angle.
"While the investigation resulted in a successful outcome for the victim, it took nearly 12 months for her to recover most of the funds, which undoubtedly had an emotional and financial impact on her daily life," he said.
"This case is an important reminder for everyone that the recovery of funds is complex and, in some situations, not possible, which is why all Australians need to take preventative measures to protect themselves from these manipulative cybercriminals.
"If you are a victim or have suspicions you have been scammed, report it as soon as possible to your bank then to police via cyber.gov.au. This is the best approach for police and banks to stop the transfer and retrieve your money. You can help others protect themselves from similar scams by reporting to Scamwatch."
Binance Investigations Specialist Robert Thomson said the nature of public blockchains, where all transactions were visible and trackable, made it easier to trace and recover funds, but it was important for users to remain vigilant.
"Binance works closely with law enforcement authorities around the world to help users impacted by hacks or theft to get the support they need," Mr Thomson said.
"However, while we invest heavily in our platform security, we strongly urge all users to remain vigilant. Ultimately, users themselves play the largest role in safeguarding their assets, which is why we do our best to continuously educate and inform our users of potential scams. It is critical to stay informed, use strong security practices, and be cautious of potential scams."
Protect yourself from Business Email Compromise (BEC):
- Turn on multi-factor authentication, which uses two or more ways to verify a person's identity:
  - What you know: PIN or passphrase;
  - What you receive: Code sent to you via an authenticator app, text or email; and
  - Who you are: Biometrics like a face scan or fingerprint.
- If you receive an email prompting you to make a payment:
  - Contact the person or organisation separately, using different contact details you have verified separately to check if they are likely to have sent the message.
  - Check details such as the spelling of a sender's domain name. Double-check by comparing it to previous correspondence.
  - Think before you click. Don't click on links or download attachments from people you don't know.
- If you believe you have been the victim of an online fraud, report it
  - Immediately to your bank, then to
  - Police via the Australian Cyber Security Centre; and to
  - Scamwatch to help protect others from similar scams.
For more information on how to stay safe online and report suspicious activity, visit ReportCyber at cyber.gov.au.
The JPC3 brings together Australian law enforcement and key industry and international partners to fight cybercrime and prevent harm and financial loss to the Australian community.
We are committed to equipping all Australians with the knowledge and resources to protect themselves against cybercrime.
Watch our cybercrime prevention videos and protect yourself from being a victim of cybercrime.
If there is an immediate threat to life or risk of harm, call 000.
If you are a victim of cybercrime, report it to police using ReportCyber.
If you, or someone you know, needs help, we encourage you to contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636, who provide 24/7 support services.
Cyber Security Awareness Month is an annual reminder to secure your devices and accounts from cyber threats. Protecting yourself online doesn't have to be hard. Learn more about the simple things that you, your family, friends and colleagues can do to improve your cyber security.
Operation DOLOS includes the AFP, and all state and territory policing partners, the Australian Criminal Intelligence Commission (ACIC), Australian Cyber Security Centre (ACSC), Australian Transaction Reports and Analysis Centre (AUSTRAC), and representatives of the Australian financial sector and international law enforcement.