Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Quick action leads to recovery of $777k lost to BEC scam

An international police operation has helped a South Australian woman recover funds lost to a 2023 business email compromise scam.

user icon David Hollingworth
Tue, 01 Oct 2024
Quick action leads to recovery of $777k lost to BEC scam
expand image

The Australian Federal Police (AFP) has shared the details of an investigation by its Joint Policing Cybercrime Coordination Centre (JPC3) that led to the recovery of almost $800,000 lost as part of a business email compromise (BEC) scam.

The AFP shared details of the case today to highlight the dangers of BEC scams as part of Cyber Security Awareness Month, which kicks off today, 1 October.

In particular, the AFP said this shows the importance of a quick response when it comes to recovering money lost to a scam.

============
============

In this case, a South Australian woman received what appeared to be an email from a legitimate business; however, the email address was fake – one letter had been changed to create a fake email purporting to be from a conveyancer. The woman was tricked into sending $813,000 to the scammer in May 2023, thinking the money was going towards buying a property.

When the woman realised she had been scammed, she reported the crime to both her bank and ReportCyber two days later.

Following an investigation led by the JPC3 and territory and state police, the scammer’s onshore account was identified and frozen. $505,000 of the woman’s money was recovered before it could be sent offshore.

After identifying that almost $300,000 had been sent through a fake Digital Currency Exchange account, the JPC3 worked with the Pakistani National Response Centre for Cyber Crime and cryptocurrency exchange Binance to freeze that account and recover $272,000.

By May 2024, authorities were able to recover 96 per cent of the woman’s funds, and a Pakistani national was identified as a suspected money mule. The investigation into the identity of the scammers is ongoing.

“Cyber criminals commonly target businesses and individuals making significant payments, like property transactions, in an attempt to divert the victim’s funds to a fraudulent account,” AFP Detective Acting Superintendent Darryl Parrish said in a statement.

“In many cases, cyber criminals gain access to a business’ email account, altering banking details and sending the new details to clients who unknowingly transfer funds to criminals.

“Businesses can prevent cyber criminals from accessing their online accounts by setting up multifactor authentication (MFA) to add an extra layer of security, making it harder for criminals to get in.

“In other cases, like this one, the criminal had created a fake email address that looked like the legitimate business email. It is crucial for people to double-check emails, particularly email addresses and banking details, to avoid becoming victims of BEC scams.”

Australians reported $80 million in losses to BEC scams to the Australian Cyber Security Centre for the period between 2022 and 2023.

“This case is an important reminder for everyone that the recovery of funds is complex and, in some situations, not possible, which is why all Australians need to take preventative measures to protect themselves from these manipulative cyber criminals,” Superintendent Parrish said.


If you are a victim of cyber crime, report it to police using Report Cyber.

If you or someone you know needs help, we encourage you to contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636, who provide 24/7 support services.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.