NAB Executive Group Investigations Chris Sheehan joined Australian Federal Police (AFP) Acting Assistant Commissioner Cyber Commander Chris Goldsmid for a discussion at an Trans-Tasman Business Circle event in Sydney on Wednesday.
Hosted by The Australian’s Senior Banking reporter Joyce Moullakis, the following excerpts from the discussion highlight the complexities of the scam ecosystem and tackling the epidemic.
Scams and fraud in the digital age
“We are frankly in the middle of a digital crime tidal wave. I don’t like using dramatic phrasing when it comes to this sort of thing. But the reality is that’s where we are,” Mr Sheehan said.
“It’s a type of criminality that is being driven, make no mistake about it, by transnational organised crime groups.”
Criminals trawling for victims online
Mr Sheehan said one of the most concerning aspects of scams is the sheer number of victims involved at every stage of the scam lifecycle.
“The majority of scams that impact our customers originate either via an online platform, a social media service, a phone call, a text message, or a messaging service like WhatsApp. That’s not made-up data. That’s the reality,” Mr Sheehan said.
“Criminals are throwing these lures out on a range of different platforms to try and get someone to engage with them, and then when they engage with them, they use a whole range of really sophisticated social engineering, psychological engineering techniques to hook them.
“There are victims at every stage of the life cycle of a scam. It is absolutely a victim-heavy type of crime and it’s not stopping anytime soon.”
Complex ecosystems
Mr Goldsmid shed light on the intricate ecosystem surrounding scams.
“We do see a really complex ecosystem around this where it is driven by transnational serious organised crime,” Mr Goldsmid said.
“There’s a whole supply chain that sits around it, from the people that provide the marketplaces and forums to sell these tools, to sell the data that’s been stolen, to sell the customer lists, to the people that provide the financial services and the laundering mechanism.”
Lifting the veil on money mules
Mr Goldsmid said the AFP are seeing heavy recruiting of individuals who are unwittingly becoming money mules, helping facilitate the laundering mechanism involved in scam activity.
“We see it with romance scams. We do see a lot of people that are recruited to be money mules who may not know what they’re actually being recruited to do and may not know that they’re actually being part of a criminal network and a laundering network,” Mr Goldsmid said.
Mr Sheehan said money mules are a challenge for banks.
“What we see is a lot of recruiting of individuals who are unwittingly money mules, and we see it with international students,” Mr Sheehan said.
Banks and law enforcement working together
Mr Goldsmid said banks and law enforcement frequently share information and collaborate to stop crime.
“I think, you know, we’ve got a good system through Report Cyber. I think that’s certainly something we’re looking at; what more we can do through working with industry.
“I guess the call out here is one of the things we’re doing through the JPC3 in Sydney is the Dolos taskforce, which is a taskforce set up to focus on business email compromise. It’s a really close collaboration between law enforcement and the banks, and we’re quite successful. This is contingent on early reporting, sharing intel between law enforcement… I think we’re up over $66 million that we’ve been able to return to victims through that process, and that’s something we’re looking to build on in the future.”
We can’t go it alone – an Australia-wide approach needed
Mr Goldsmid said while government work was underway to build resilience, it is important to ensure the ecosystem works together to disrupt criminal activity.
“I mean certainly from a from a government perspective, you know there’s a lot of work underway to try and educate and build resilience in the community for scams,” Mr Goldsmid said.
“There’s a range of different, I guess, operational activities that really relies on that close collaboration with industry.
“Whether that’s the site takedowns, the work with telcos and banks on phishing or businesses that are compromised… the prevention work is a huge priority for us.”