The Australian Federal Police clawed back nearly $8.5 million in the past year taken from local businesses by cyber criminals who tricked them via email into paying fraudulent invoices.
The Business Email Compromise taskforce, known within the AFP as Operation Dolos, was established by the federal police in 2020, teaming up with law enforcement agencies in Europe, the UK and US.
Business Email Compromise (BEC) is a fraud technique by cyber criminals who use emails that appear to come from a known source making a legitimate request, such as invoicing, or instructions from a manager to pay for something.
The emails are faked and include bank account details that route the funds to the scammers. Often, the scam goes unnoticed for some time and the funds will be transferred out of Australia into countries where they are harder to track down.
The AFP said such frauds cost local businesses more than $79 million in the past 12 months and more than 3300 incidents were reported through the Australian Cyber Security Centre (ACSC).
The BEC taskforce includes the AFP’s Cybercrime Operations, state and territory law enforcement, the Australian Criminal Intelligence Commission, the ACSC and the Australian Transaction Reports and Analysis Centre.
In the 2020-21 financial year, the AFP taskforce clawed back $8.45 million lost to business email fraud. It included one case in September 2020 where scammers sent emails posing as staff members with invoices to a company’s finance department, but with changed bank account details.
Two payments, of about $520,000 and $2.1 million, were made into a Singaporean bank account. The scam was discovered after the second transfer and reported to NSW Police, who referred the matter to the AFP to go after the money.
Working with Interpol and Singaporean authorities, $2.1 million was stopped by Singapore Police from being transferred into another account by the scammers, and the money was successfully recovered. The first $520,000 had already been shifted.
“Don’t be embarrassed if you fall victim, report it immediately to your bank and the police to give us the best chance of recovering your money,” AFP commander of Cybercrime Operations Chris Goldsmid said.
“If you are transferring money online do your due diligence, ensure you are comfortable that you are sending the money to the correct person and account.”
Mr Goldsmid said it is reasonable to make further inquiries when asked to pay money via email, and suggested calling and directly checking.