SMS phishing fraudsters charged

Publisher
Australian Federal Police
Date published
September 2020

Relevant impacts: Financial impact, Human impact and Industry impact.

Two men have been arrested for their involvement in an SMS phishing scheme working to steal identity and money from thousands of Australians.

The men allegedly used a type of cybercrime known as 'smishing' where SIM boxes are used to send text messages claiming to be from banks and telecommunications companies to mislead victims into providing personal or financial account information.

SIM boxes can use multiple SIM cards to send bulk text messages to tens of thousands of recipients in one go. It is alleged that the SIM boxes, which were controlled by the 2 men, were used to send more than 10,000 smishing messages over a 2-week period. As a result of these alleged attacks, 45 customers from a single bank were impacted and in one instance over $30,000 was allegedly stolen from a single customer.

The men have been charged with a number of offences including dealing in identification using a carriage service and using a telecommunications network with an intention to commit a serious offence.

Access the source

Related fraudster personas

The Fabricator

The Fabricator invents or produces something that is false to dishonestly gain personal benefits.

The Impersonator

The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.

Related countermeasures

Collaborate with strategic partners

Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.

Complaints handling

Allow clients, staff and third parties to lodge complaints about actions or decisions they disagree with. This may identify fraud or corruption as a cause for complaints, such as a failure to receive an expected payment.

Trained and qualified staff

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Authenticate identity

Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.

Parameters and limits

Apply limits on requests, claims or processes, such as maximum claim amounts or time periods. Enforce these limits using IT system controls.

Automatic notifications

Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.

Fraud detection software

Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.

Coordinate disruption

Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.

Submit a case study

We'd like to hear from you if you have a case study to share.

Submit your case study

Was this page helpful?