ASIC media releases are point-in-time statements. Please note the date of issue and use the internal search function on the site to check for other media releases on the same or related matters.
19-253MR Online fraud syndicate dismantled after allegedly siphoning millions from shares and superannuation accounts
A 21-year-old Melbourne woman is due to appear before Court today as part of investigations into a major fraud and identity theft syndicate, which resulted in alleged thefts from the superannuation and share trading accounts of innocent victims worth of millions of dollars.
The Australian Federal Police (AFP) and Australian Securities and Investments Commission (ASIC) have been conducting investigations into the multi-layered cybercrime activity for more than twelve months. This operation is now being conducted as part of the Government’s joint-agency Serious Financial Crime Taskforce (SFCT).
ASIC and the AFP allege the woman worked as part of a syndicate which used fraudulently-obtained identities to commit large-scale online fraud.
It will be alleged the syndicate used stolen identity information purchased from dark net marketplaces, together with single use telephone SIM cards and fake email accounts, to undertake an ‘identity takeover’.
These identities, fraudulently created to mimic real individuals who unknowingly had their identities compromised, were then used to open bank accounts at various Australian banking institutions. Investigations have uncovered at least 70 bank accounts created using fraudulently-obtained identities to date.
Once the false identities and accounts were established, ASIC and the AFP allege the syndicate committed cybercrime offences to illegally steal money from the superannuation accounts of these victims, and from their share-trading accounts in ASX-listed companies.
Investigations are continuing to identify the number of affected victims and the scale of the alleged fraud, though it is expected to be worth millions of dollars. The superannuation companies and market participants involved are providing ongoing assistance to the investigation and the ASIC and AFP acknowledges their extensive cooperation to date.
ASIC and the AFP further allege the syndicate laundered the stolen funds through an overseas contact to purchase untraceable assets such as jewellery. It is believed the money was then transferred back to Australia through cryptocurrencies.
AFP Manager Cyber Crime Operations, acting Commander Chris Goldsmid, said this complex and detailed investigation revealed cybercrime occurring on multiple levels, and is an example of strong partnerships between Commonwealth Government agencies working together to disrupt organised crime that affects the Australian community.
“The consequences of the breaches we have discovered are far-reaching, and can be traced back to cybercrime offences that impact everyday Australians.
“From identity theft, where innocent victims have their personal details stolen and sold online in dark net marketplaces; to hacking and phishing – this investigation has illustrated the devastating impacts that compromise of your identity can have,” a/Commander Goldsmid said.
ASIC Deputy Chair Daniel Crennan, QC, said this matter highlights the challenging era of the digitalisation of the criminal economy.
“Cybersecurity threats such as data breaches and financial system attacks are a major concern for ASIC and we will continue to pursue not only cyber-related market and superannuation offending but also the need for institutions to maintain their obligations to ensure they have adequate cyber resilience,” he said.
Investigations into the syndicate are continuing, and further arrests and charges have not been ruled out.
Cybercrime is a key priority of the SFCT. The ATO-led SFCT is a joint-agency taskforce which brings together the knowledge, resources and experience of law enforcement and regulatory agencies to address the most serious threats of to the tax and superannuation systems of Australia.
Since the SFCT was established on 1 July 2015, more than 1,145 audits have been completed up to and including 30 June 2019. Liabilities have been raised in excess of $836 million, $306 million in cash collected and 5 successful convictions. Custodial sentences ranging from 2 – 14 years have been handed out.
For more information on identity crime, including how to protect your identity and where to go for help if you think your identity has been compromised, visit ASIC’s Moneysmart Identity Fraud page.
If you think you may have been a victim of cybercrime, you can report this through the Australian Cyber Security Centre’s ‘Report Cyber’ portal. The website also includes a range of advice on emerging cyber threats and how you can protect yourself online.
The 21-year-old woman is due to be charged today with a range of offences:
- Conspiring to cause unauthorised access and/or modification of data - multiple offences (contrary to 11.5 and 477.1 of the Criminal Code Act 1995(Cth));
- Conspiring to cause unauthorised modification of data knowing that the modification was unauthorised, and being reckless as to whether the modification will impair the reliability and security of the data – multiple offences; (contrary to 11.5 and 477.1 of the Criminal Code Act 1995 (Cth);
- Conspiring to dishonestly take or conceal articles in the course of post, contrary to sections 11.5(1) and 471.3 of the Criminal Code Act 1995 (Cth);
- Conspiring to dishonestly obtain property by deception, contrary to subsections 321(1) and 81(1) of the Crimes Act 1958 (VIC);
- Dealing in proceeds of crime valued at AUD100,000 or more – multiple offences (contrary to section 400.4 of the Criminal Code Act 1995 (Cth);
- Dealing in personal identification information – multiple offences (contrary to section 372.1 of the Criminal Code Act 1995 (Cth);
- Dealing in personal financial information – Multiple offences (contrary to section 480.4 of the Criminal Code Act 1995 (Cth);