A Sydney man, 40, has been jailed for two years, after stealing more than $100,000 in an illegal SMS phishing scam that targeted 450 victims.
The man was sentenced to two years and eight months' imprisonment after facing the Sydney Local Court on Friday 20 January, 2023. The man was convicted of cybercrime offences including producing, supplying or obtaining data with intent to commit a computer offence.
The investigation began in September 2021, when the AFP obtained information about a series of suspicious website registrations suspected of being used to phish customers of Australian telecommunications providers and financial institutions.
The AFP in conjunction with the NSW Police Cybercrime Squad, executed a search warrant at the man's Ryde home on 24 November 2021. Police seized drug paraphernalia, sim cards, bank cards, electronic devices, mobile phones and storage devices.
Investigators were able to link the man to more than $100,000 stolen from the accounts of 39 people, resulting in his arrest on 24 November 2021.
Police believe the scam started in 2018 and targeted customers of several banks and a telecommunication company.
The man used these webpages to lure Australian victims to enter their personal information, which he would subsequently use to access their telephone accounts, bank accounts and create new accounts without their knowledge.
The AFP worked with Commonwealth Bank of Australia, National Australia Bank and Telstra to identify victims who had entered information into these phony webpages. The companies placed additional security protocols on those account holders, helping prevent further funds being stolen from the accounts of another 16,147 Australians.
AFP Spokesperson Commander Chris Goldsmid said the AFP is responsible for preventing, disrupting and investigating cybercrime offences with significant impact on the Australian economy.
"The AFP is committed to tracking down cybercriminals and bringing them to justice, no matter where they are in the world," Commander Goldsmid said.
Scammers will use any tools they can to exploit people for their own profit. The internet and other new technologies provide opportunities to remotely access potential victims."
"We encourage Australians to protect themselves against phishing scams by carefully reviewing emails or SMS messages before clicking on any links."
"Anyone who believes they have been a victim of a phishing scam, or who sees suspicious banking transactions should contact their bank and also report the matter via Report Cyber at cyber.gov.au."
The man was found guilty of:
- Attempted obtain benefit by deception contrary to section 192E of the Crimes Act 1900 (NSW)
- Obtain benefit by deception contrary to section 192E of the Crimes Act 1900 (NSW);
- Unauthorised access, modification or impairment with intent to commit a serious offence, contrary to section 477.1 of the Criminal Code (Cth); and
- Producing, supplying or obtaining data with intent to commit a computer offence, contrary to section 478.4 of the Criminal Code (Cth).
He was sentenced to 2 years and 11 months' jail (commencing from the date of arrest) with a recognisance order of $1000 and 13-month good behaviour bond, following his release.