An Australian man has been sentenced to jail for more than two years over an SMS phishing scam, during which he stole AU$100,000 ($69,751) and targeted 450 victims.
The Sydney Local Court found the man guilty of various cybercrime offences, including obtaining and supplying data with intent to commit a computer offence. He was sentenced to two years and eight months' imprisonment, said the Australian Federal Police (AFP), which gathered evidence from website registrations suspected of being used to facilitate the phishing scams.
It noted that these sites were used to target customers of local telecommunications providers and financial institutions. Phishing activities were believed to have begun in 2018, when victims were lured into entering their personal data on the fraudulent websites. The information then was used to access the victims' phone and bank accounts and create new accounts.
Investigations into the crime kicked off in September 2021, with the AFP working alongside the NSW Police Cybercrime Squad to execute a search warrant at the man's home in November. SIM cards, bank cards, electronic devices, mobile phones, and storage devices were amongst items seized from his home.
AFP said they were able to link the man to more than AU$100,000 stolen from the accounts of 39 people. He was arrested on November 24, 2021.
The police also worked with Commonwealth Bank of Australia, National Australia Bank, and local telco Telstra to identify victims who provided their personal details to the phishing sites. Additional security protocols were implemented to prevent further funds from being stolen from these account holders, which AFP said stopped further theft of another 16,147 Australians.
AFP's spokesperson Chris Goldsmid said: "Scammers will use any tools they can to exploit people for their own profit. The internet and other new technologies provide opportunities to remotely access potential victims. We encourage Australians to protect themselves against phishing scams by carefully reviewing emails or SMS messages before clicking on any links."
The Singapore government last year also urged the need for shared responsibility, after a massive phishing scam involving 790 customers of OCBC Bank resulted in losses totalling SG$13.7 million ($10.18 million).
The Consumers Association of Singapore (CASE) this past week issued two alerts via its Facebook page, including one yesterday, to warn consumers of phishing email claiming to be its officers and directing recipients to fraudulent websites for monetary compensation. Targeted victims were given fake ticket numbers of disputes or claims and asked to click on a chat icon to access the phishing sites to receive updates or money.
CASE said its IT systems and database were secured and had not been compromised. It added that the police had been notified of the scams.
Following OCBC's phishing incident, Singapore banks rolled out a "kill switch" as part of security measures the government mandated to safeguard against future scams. Consumers also were urged to access their accounts via mobile banking apps, instead of web browsers, to minimise risks.