Australian police arrest four BEC actors who stole $1.7 million

The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023. 

AFP’s investigation that led to the group’s dismantling started in October 2021, when an Indonesian business reported losing $100,000 to a BEC (business email compromise) attack conducted by the arrested individuals.

Eventually, two men and two women aged between 26 and 35 were arrested in Brisbane, Melbourne, and Adelaide. The AFP has also  of the arrests.

The investigation revealed that the syndicate was responsible for many cybercrime operations, including BEC attacks, scams targeting Facebook Marketplace users, fraudulent superannuation investments, and others.

The losses for victims range between $2,500 and $500,000, which the syndicate laundered using a massive network of 180 bank accounts, many of which were opened in South African banks using stolen identities.

“About $1.1 million was allegedly laundered to bank accounts in South Africa, where the group was working with associates who sourced legitimate identity documents and altered the photographs and birth dates so Australian syndicate members could use them,” .

“The majority of documents belonged to victims residing in South Africa, some of whom were Australian citizens.”

The arrested individuals face charges for money laundering, producing or processing false travel documents, dishonestly obtaining personal financial information, and dealing in proceeds of crime.

For two arrested crime members, the maximum penalty is ten years of imprisonment, while the other two charged with more counts for additional violations face a maximum sentence of 20 years in prison.

Business email compromise attacks are a growing problem in Australia. AFP reports that in 2022, businesses in the country lost over $98,000,000, with the average loss per reported incident being $64,000.

In light of the increasing cyber threats, the AFP urges businesses and individuals to be extra cautious when conducting online transactions.

AFP’s Commander of Cybercrime Operations, Chris Goldsmid, highlights the importance of educating oneself on the latest scams and triple-checking transaction details to avoid falling victim to such crimes.