Share this article on:
A business email compromise (BEC) scam that cost a Sydney hospital $2 million has led to the man behind it being charged.
BEC is a form of scam in which a scammer tricks a victim through email into transferring funds or handing over information by acting as a business with a bill or a close friend or trusted individual.
While the hospital has remained unnamed by NSW Police, the 49-year-old man had allegedly targeted the hospital with BEC attacks multiple times in September.
The NSW state crime command’s cyber crime group began investigating the BEC scheme as part of the newly established Strike Force Millbon.
As a result, the scammer’s Yagoona home was raided earlier this week, before he was charged with recklessly dealing with proceeds of crime of more than $5,000. He was refused bail.
As seen by ITnews, leader of the state’s cyber crime operation, Detective Superintendent Matt Craft, said BEC scams are on the rise, targeting businesses across NSW.
“These criminals are targeting all members of the community, particularly businesses and are using more elaborate and sophisticated ways to scam the general public,” Superintendent Craft said
Just last month, the Australian Federal Police (AFP) disclosed details of an investigation by its Joint Policing Cybercrime Coordination Centre (JPC3) that led to the recovery of almost $800,000 lost as part of a business email compromise (BEC) scam.
In this case, a South Australian woman received what appeared to be an email from a legitimate business; however, the email address was fake – one letter had been changed to create a fake email purporting to be from a conveyancer. The woman was tricked into sending $813,000 to the scammer in May 2023, thinking the money was going towards buying a property.
When the woman realised she had been scammed, she reported the crime to both her bank and ReportCyber two days later.
Following an investigation led by the JPC3 and territory and state police, the scammer’s onshore account was identified and frozen. $505,000 of the woman’s money was recovered before it could be sent offshore.
After identifying that almost $300,000 had been sent through a fake Digital Currency Exchange account, the JPC3 worked with the Pakistani National Response Centre for Cyber Crime and cryptocurrency exchange Binance to freeze that account and recover $272,000.
By May 2024, authorities were able to recover 96 per cent of the woman’s funds, and a Pakistani national was identified as a suspected money mule. The investigation into the identity of the scammers is ongoing.