The Australian Federal Police (AFP) today announced that a 24-year-old Melbourne woman, arrested in 2019 for her role in large-scale identity thefts, has been sentenced to five years and six months in prison.
The woman pleaded guilty to her crimes on November 26, 2021.
According to the AFT, she was part of an international crime syndicate engaged in “sophisticated and large-scale cybercrimes”, stealing at least $3.3 million and laundering another $2.5 million.
In addition to these numbers, the criminals attempted to steal $7.5 million from their victims.
AFP arrested the woman when she was 21 at Melbourne airport in an investigation dubbed “Operation Birks” and executed search warrants at her home.
Further investigations, aided by files found on seized devices, revealed that the suspect was buying stolen identities of real people on the dark web, using fraudulently registered SIM cards and spoofing email accounts to perform “spoofing”. ‘identify”.
The scammers then used these identities to open more than 60 bank accounts at various Australian financial institutions, then stole the victims’ superannuation money (Australian superannuation program that a company sets up for the benefit of its employees) and stock trading accounts.
For this operation, the gang used phishing websites hosted on typosquatted domains that were promoted via malicious advertisements to ensure higher rankings in Google search results.
“The offender worked with others to create a cloned website that imitated a legitimate pension fund website, using a domain name nearly identical to the legitimate site,” explains the AFP report.
After withdrawing the money from the fraudulent bank accounts, the woman sent them to a contact in Hong Kong who purchased harder-to-trace assets (e.g. luxury goods) which were resold.
Ultimately, portions of the laundered monies were sent back to Australia in cryptocurrency, to minimize the risk of leaving a trail of money.
As AFP points out in the report, most of the victims of these crimes did not realize that their identities had been stolen and sold on the dark web, so they had no way to defend themselves against the fraud.