Police allege that a 43-year-old Nigerian man coordinated a fraud ring from inside Villawood immigration detention centre that netted more than $3 million through business email compromise.
The man has been charged with knowingly directing the activities of criminal group, two counts of knowingly dealing with the proceeds of crime, and possessing identity information to commit indictable offence.
NSW Police have charged three other people over their alleged participation in the fraud ring.
Police conducted raids at the Villawood detection centre, homes in Kingswood, Chester Hill and Granville, and a Hoxton Park storage unit, seizing computers, storage devices, mobile phones, SIM cards, and documents.
Investigations into the alleged fraud syndicate were led by the detectives of Strike Force Woolana, which was established earlier this year by the State Crime Command’s Cybercrime Squad to target organised fraud.
“In this day and age, most companies use electronic accounting systems and pay accounts electronically, which can make them susceptible to business email compromise scams,” said Detective Superintendent Arthur Katsogiannis, commander of the Cybercrime Squad.
“We would encourage all businesses to develop systems to combat against scams, including scrutiny of email requests to transfer funds or change account details, and standard procedures to follow to protect against business email compromises.
“While there are many variables, generally, the perpetrators will ‘spoof’ or compromise corporate executive or employee email accounts and send email requests to an accounts payable employee for an electronic funds transfer.”
“Staff should be suspicious about these types of requests, and if they take the time to verify the authenticity of the email, whether it be via phone or a fresh email, they can potentially prevent the compromise,” Katsogiannis said.
“That said, we still encourage anyone – corporate or personal – who have been a victim of email compromise to report it to police,” he added.
Although the most high-profile cyber crime cases tend to involve ransomware or hacking, business email compromise can be far more costly for businesses.
Figures from the Australian Competition and Consumer Commission’s annual Scamwatch report reveal that Australians lost at least $22.1 million to business email compromise in 2017.