cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

AFP arrests Sydney man over SMS phishing scam

The AFP has arrested a 30-year-old man for his alleged role in a Sydney-based criminal syndicate accused of stealing personal data, aiming to access thousands of Aussie bank accounts.

user iconReporter
Thu, 11 Aug 2022
AFP arrests Sydney man over SMS phishing scam
expand image

To identify the criminals responsible for sending hundreds of thousands of automated text messages that contained links to fake "Australian banking and telecommunication websites", the AFP launched Operation Iasion in September 2021.

The SMS phishing scam is alleged to have started in 2018 to target customers of the Commonwealth Bank of Australia, National Australia Bank and Telstra, among others.

A 30-year-old Sydney man is expected to face Sydney Central Local Court today (11 August 2022) charged with seven offences as a result of an AFP cyber crime investigation, which is still assessing the scale of the fraud.


The AFP allegedly identified the messages had been sent automatically through a SIMBOX, which was operated from the Sydney man's home in Ryde and another property in St Ives.

Police allege the SIMBOX, controlled by the syndicate, was regularly moved, according to AFP Detective Superintendent Bradley Marden, explaining the strategy was aimed at avoiding detection by law enforcement.

"One SIMBOX can hold in excess of 100 sim cards and send hundreds of thousands of text messages a day, simultaneously, to Australian mobile users.

"The damage this scam has cost Australians is still being determined, with our cyber crime investigators continuing to identify victims and piece together the extent of the fraud.

"These scam messages are a great burden to Australians, who receive them on a daily basis," Marden said.

People who fell victim to this scam would click the link in the text message, which took them to a fake website where they were prompted to enter their password and credentials.

The information was then allegedly used by the syndicate to try to access the victims' bank accounts and steal their identification.

AFP Cybercrime investigators executed a search warrant at the man's Ryde home yesterday (10 August 2022) and seized the following: in excess of $20,000 in cash, electronic storage devices allegedly containing more than 500 fraudulent identity documents in the names of numerous victims, multiple mobile phones, an encrypted desktop computer and a Huawei internet dongle. In November 2021, another Sydney man, 39, was arrested for his alleged role in the same scam.

Police will allege these electronic items enabled the man to exploit a victim's credentials and finances.

"We encourage people not to click on any links in a text message or email purporting to be from a bank or telecommunications company. Instead, go to their website or contact them directly," Marden said.

Police have allegedly identified victims who had several thousand dollars stolen from their accounts and investigations are continuing.

"If you believe you are a victim of a phishing scam, or see any discrepancies in your bank account, please contact your bank and report the matter to Report Cyber," Marden concluded.

[Related: US sanctions Tornado Cash due to North Korea ties]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.