A 36-year-old New South Wales man has been charged over a phishing scheme that hoovered up the personal information of Australians, after several of his phones were found in a drainpipe in his home.
The man, from Tomakin in southern NSW, appeared before Batemans Bay Local Court earlier this week on charges relating to a phishing scheme that targeted customers of a telecommunications company in Australia.
The Australian Federal Police (AFP) has alleged that in early August the man began sending phishing text messages to customers of a telecommunications provider saying that their mobile service was going to be restricted due to missed payments.
Police claim these messages included a link to a malicious website that harvested the personal information and banking details of unsuspecting individuals.
Phones found down a drain
After receiving a report from the telco in question, AFP commenced its investigation on 20 August.
Three weeks later, a search warrant was executed at the house of the Tomakin man, and he was arrested.
At the house, AFP allegedly found a number of mobile devices down an in-ground drainage pipe.
These, along with computers, laptops and SIM cards were seized by AFP, with subsequent analysis revealing a “substantial quantity” of files containing personal information of other individuals.
This personal information included usernames, passwords and credentials for a range of websites and services.
The man has been charged with one count of producing, supplying and / or obtaining data with the intent to commit a computer offence, which carries a maximum penalty of three years’ imprisonment.
He was also charged with one count of dishonestly obtaining and / or dealing in personal financial information, which has a maximum penalty of five years’ imprisonment.
A view inside the man's house. Photo: AFP
AFP Detective Inspector Steven Wiggins said that the agency is working with law enforcement and industry partners to disrupt criminal phishing attacks.
“Cybercrime offending is becoming increasingly sophisticated, demanding a more advanced and more targeted response to scam activity by police,” Wiggins said.
“Scams don’t discriminate and can affect anyone, which is why greater awareness is so important.
“Police, government, business and individuals all have a role to play in building a scam-aware community, meaning criminals who engage in these practices are less likely to succeed.”
Scams on the rise
In the first six months of the year ScamWatch received more than 108,000 reports of scams and financial losses amounting to a total of $174 million.
According to a survey conducted by the Australian Institute of Criminology, nearly half of all Australians fell victim to cybercrime in the year prior to the 2024 report.
This report also showed that those surveyed were stagnating on passwords and falling behind on safety measures.
The federal government has recently made efforts to address the growing threat of cybercrime and phishing, with some of the onus passed onto telecommunications firms and banks.
From 15 December, telcos will have to block SMS scams using the SMS ID Register.
Under the new rules, businesses trying to send SMS messages using custom “sender ID’ labels will have to register them first, with telcos forced to block all non-compliant messages.
This Register was legislated last year and designed to prevent scammers from being able to trick individuals by co-opting the legitimate sender IDs of organisations including major banks or government agencies.
Australian banks also recently launched Confirmation of Payee, which cross-checks the details of customer payments to make sure the account name, BSB and account number of the recipient’s account match what the sender believes them to be.
