Quick Action Leads to Recovery of $777K Lost in BEC Scam

Quick Action Leads to Recovery of $777K Lost in BEC Scam

An international police operation helped a South Australian woman recover funds lost in a business email compromise scam in 2023.

The Australian Federal Police (AFP) has shared details of an investigation by its Joint Cybercrime Coordination Center (JPC3) that led to the recovery of nearly $800,000 lost as part of a business email compromise (BEC) scam. ).

The AFP today shared details of the case to highlight the dangers of BEC scams as part of Cyber ​​Security Awareness Month, which begins today, October 1.

In particular, the AFP stated that this demonstrates the importance of a quick response when trying to recover money lost in a scam.

In this case, a woman in South Australia received what appeared to be an email from a legitimate company; however, the email address was fake: a letter had been changed to create a fake email purporting to be from a carrier. The woman was tricked into sending $813,000 to the scammer in May 2023, thinking the money would go toward purchasing a property.

When the woman realized she had been scammed, she reported the crime to both her bank and ReportCyber ​​two days later.

Following an investigation led by JPC3 and state and territorial police, the fraudster’s onshore account was identified and frozen. $505,000 of the woman’s money was recovered before it could be sent overseas.

After identifying that nearly $300,000 had been sent through a fake digital currency exchange account, JPC3 worked with Pakistan’s National Cyber ​​Crime Response Center and cryptocurrency exchange Binance to freeze that account and recover $272,000. .

In May 2024, authorities were able to recover 96 percent of the woman’s funds and a Pakistani national was identified as a suspected money mule. The investigation into the identity of the scammers is ongoing.

“Cybercriminals often target businesses and individuals making large payments, such as real estate transactions, in an attempt to divert the victim’s funds into a fraudulent account,” AFP Acting Superintendent Darryl Parrish said in a statement.

“In many cases, cybercriminals gain access to a company’s email account, alter banking details and send new data to customers who unknowingly transfer funds to criminals.

“Businesses can prevent cybercriminals from accessing their online accounts by setting up multi-factor authentication (MFA) to add an extra layer of security, making it more difficult for criminals to gain access.

“In other cases, like this one, the criminal had created a fake email address that looked like legitimate business email. “It is essential that people check their emails, particularly email addresses and banking details, to avoid becoming victims of BEC scams.”

Australians reported $80 million in losses from BEC scams to the Australian Cyber ​​Security Center during the period from 2022 to 2023.

“This case is an important reminder to everyone that recovering funds is complex and, in some situations, impossible, which is why all Australians must take preventive measures to protect themselves from these manipulative cybercriminals,” Superintendent Parrish said.


If you are a victim of cybercrime, report it to the police using Report Cyber.

If you or someone you know needs help, we recommend that you contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636, who provide 24/7 support services.

Leave a Reply

Your email address will not be published. Required fields are marked *