The AFP has successfully recovered nearly $800,000 that a South Australian woman lost to scammers when she was in the process of buying a house.

To mark the beginning of Cyber Security Awareness month, the Australian Federal Police (AFP) has released details of the 12-month process behind the recovery of the stolen money and urged Australians who fall victim to similar scams to quickly notify their bank and the relevant authorities.

Early last year, a South Australian woman was tricked by scammers into sending $813,000 to a fraudulent bank account.

This was done while she was in the process of purchasing a new house, with the cyber-criminals utilising a technique known as business email compromise (BEC), where fake email addresses are created which are nearly identical to legitimate ones.

The scam victim was sent a fake email pretending to be from a legitimate conveyancer’s account and conned her into transferring more than $800,000 to the fraudster’s bank account.

Two days later, the woman notified law enforcement authorities through the ReportCyber service at cyber.gov.au and told her bank that she had sent the money to the fake account.

A year-long, global operation

The AFP-led Joint Policing Cybercrime Coordination Centre then kicked into gear, launching Operation DOLOS and working in collaboration with a number of organisations to freeze the cyber-criminals’ bank account and successfully retrieve $505,000 of the stolen money.

It was then identified that nearly $300,000 of the stolen cash had been transferred into cryptocurrency through a fraudulent Digital Currency Exchange account, with a Pakistani national identified as the suspected money mule.

This man allegedly opened a cryptocurrency exchange account in his name which was used by the criminals to launder the illicit money.

In collaboration with the Pakistani National Response Centre for Cyber Crime and global cryptocurrency exchange Binance, the taskforce successfully froze the fraudulent cryptocurrency account and retrieved a further $272,000.

In total, $777,000 of the stolen money was returned to the South Australian woman, accounting for 96 per cent of the total amount lost.

The global investigation into the wider criminal group behind the scam is ongoing.

The need for vigilance

AFP Detective Acting Superintendent Darryl Parrish said the case study should serve as a wake-up call for Australian individuals and businesses to focus on their cyber security and be wary when making any large transactions online.

“While the investigation resulted in a successful outcome for the victim, it took nearly 12 months for her to recover most of the funds, which undoubtedly had an emotional and financial impact on her daily life,” Parrish said in a statement.

“This case is an important reminder for everyone that the recovery of funds is complex and, in some situations, not possible, which is why all Australians need to take preventative measures to protect themselves from these manipulative cybercriminals.”

The AFP has urged Australian individuals and businesses to ensure that multi-factor authentication is activated, to check all details when receiving an email, including email address and financial account information, and to immediately contact authorities and banks if they do fall victim to a scam.

Australians self-reported losses from BEC scams of nearly $80 million in 2022-23, with the average losses from such cyber-crimes found to be more than $39,000.

According to the Australian Competition and Consumer Commission’s National Anti-Scam Centre, Australians lost more than $2.7 billion to scams in 2023, with more than 600,000 individual victims in that time.

A report by ASIC recently found that small banks are failing to protect their customers from these types of scams, and are not performing as well as their larger rivals in this regard.