Large-scale attack stole thousands of dollars from banking customers
Two men have been arrested for their alleged involvement in a “sophisticated” SMS-based phishing scheme targeting Australian financial firms and their customers.
The unnamed individuals, aged 36 and 50, were detained by police in relation to a large-scale ‘smishing’ campaign.
Australian Federal Police and New South Wales Police launched Operation Genmaicha in July 2019, following reports of an online group sharing information about how to conduct fraud and phishing attacks.
Police identified a number of ‘SIM boxes’ as the key source of large-scale SMS phishing attacks, a press release reads.
The SIM boxes were allegedly used to send text messages purporting to be from Australian banks and telecommunications companies, to mislead victims into providing their personal or financial account information.
Police allege that these SIM boxes were used to send thousands of smishing messages to unwitting individuals. One victim had A$30,000 (US$21,000) stolen from their bank account, according to authorities.
During a raid on premises in Macquarie Park and Burwood, Sydney, officers seized nine SIM boxes, hundreds of SIM cards, mobile phones, laptops, and hard drives, the statement reads.
Fake ID documents, at least A$50,000 (US$36,000), a money counter, narcotics, and drug paraphernalia were also discovered.
The arrests were made this week as part of the year-long Operation Genmaicha
The 50-year-old was charged with multiple crimes, including one count of using a telecommunications network with intention to commit a serious offence and one count of dealing in identification information using a carriage service.
The 36-year-old will be charged at a later date.
NSW Police Force cybercrime squad commander, Detective Superintendent Matthew Craft, said: “The ability of offenders to adapt technology for all the wrong reasons is a growing issue; however, police are equally up to the task of detecting and investigating these criminal syndicates.
“This technology, while not frequently encountered by law enforcement, was on this occasion successfully deployed against victims as part of this SMS phishing scam.
“These types of scams become somewhat redundant when the community heeds the advice to never provide confidential personal information to people you don’t know and can’t identify.
“Legitimate businesses will never call or SMS customers seeking confidential information. Always be suspicious when you receive such requests.”
READ MORE Tennessee healthcare data breach impacts 235,000 patients