A Sydney man has been charged with allegedly sending more than 17 million scam SMS messages impersonating the likes of Australia Post and Linkt to obtain the credit card details of unsuspecting victims.
Detectives from NSW Police’s Cybercrime Squad executed a search warrant in Moorebank in Sydney’s west on Tuesday morning, and arrested a 39-year-old man in relation to the alleged sending of millions of fraudulent text messages.
Police are alleging the man was responsible for sending over 17 million of these messages to Australians pretending to be from known organisations to trick individuals into clicking a fake link and handing over their personal information, such as credit card details.
During the search of the property, police found two active SIM boxes, multiple SIM cards, and electronics “consistent with running a fraudulent text message scam”.
SIM boxes are devices that contain a number of SIM cards linked to a VoIP gateway but are housed and stored separately from it.
They can be used to send bulk text messages containing fraudulent links across the Australian telecommunications network.
The SIM box found at the man's house. Photo: NSW Police
NSW Police’s Cybercrime Squad has established Strike Force Kanbi to investigate the use of these SIM boxes.
The SIM boxes and other items were seized by police to undergo further forensic examination.
The man has been charged with using equipment connected to a network to commit a serious offence and has been granted conditional bail.
He will appear before Liverpool Local Court in mid-January.
NSW Police Cybercrime Squad Commander Detecting Acting Superintendent Jason Smith warned Australians to be wary of these scams in the run-up to Christmas.
“As we enter the final lead up to Christmas, a lot of people will be expecting online deliveries; but under no circumstances should you ever click on a link you receive in an SMS message or email,” Smith said.
“Legitimate businesses will never call or SMS customers seeking confidential information. Always be suspicious when you receive such requests.
“Scammers will often pretend to be from a reputable company or financial institution, so even if it’s a company you regularly deal with, the safer option is to independently log into that company’s website to check your account.”
Smith said that SIM boxes can hold more than 250 active SIM cards and send out up to 150,000 messages per day.
“While the Cybercrime Squad remain committed to stamping out this type of crime, we need the community to be cyber-smart by not clicking links you receive in texts or email – the scammers are powerless if you don’t play into their hands.”
The Linkt SMS scam emerged in 2022, with Australian drivers tricked into giving up their credit card information by messages purporting to be from the organisation, saying they owe money for tolls.
From January to September 2022, the Australian Competition and Consumer Commission received about 2,000 reports of this scam, with a combined $112,000 in losses reported.
The actual loss figure is likely to be significantly higher.
The federal government has increased its efforts of late to combat scam text messages, launching a National Anti-Scams Centre in July. This centre, which was allocated $58 million in this year’s budget, will comprise a “hit squad” from across agencies to disrupt scams.
An SMS registry has also been established to assist telecommunications companies in blocking spam text messages that are attempting to impersonate official agencies or organisations.
The government provided $10 million over four years to the Australian Communications and Media Authority for the registry.
And earlier this month, a new Treasury consultation paper outlined how the boards of banks, telcos and digital platforms may be required to implement and monitor “robust measures” to combat scams.
The proposed new regulatory framework would create a range of sector-specific codes and standards to help to prevent, detect, disrupt and respond to scams.
Australian man charged with allegedly creating deepfakes
In another arrest this week, an Australian man has admitted in court that he published deepfake images of students and teachers from a Brisbane school, violating a court order that he cease doing so.
The 53-year-old man, Antonio Rotondo, is being sued by the eSafety Commissioner for allegedly making deepfake pornography of high-profile Australian women.
The court had ordered he take down the images and refrain from posting any further deepfake images but was this week found guilty of contempt of court for creating more of these fake pictures.
Deepfakes are videos of a person which have been digitally altered to show their face on someone else’s body.
Rotondo was fined $25,000 for contempt of court over the breach of the order.