Internet fraud and scams

The term 'online fraud' refers to any type of fraud scheme that uses email, web sites, chat rooms or message boards to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme.

Online fraud is the jurisdiction of the state or territory police if the victim is a not a Commonwealth Government department or a Commonwealth Authority.

The Australian Federal Police investigates frauds committed against a Commonwealth Government department or a Commonwealth Authority.

In general, state or territory police jurisdiction exists:

  • in the state or territory where the offender has committed the crime, and
  • in the state or territory where the victim has been defrauded - this includes situations where the offender is located overseas.

Forms of online fraud

Internet banking fraud

Internet banking fraud is fraud or theft committed using online technology to illegally remove money from, or transfer it to, a different bank account. Types of internet banking fraud include phishing and mule recruitment, and can happen through your smartphone, tablet and other mobile devices.

Mobile banking

Banking on your computer, tablet or smartphone is so convenient and banks protect your accounts with sophisticated software systems. Criminals know it's difficult to defeat these systems, so they focus on customers directly, tricking their victims into revealing confidential information.

Avoid becoming a victim by knowing how to protect your information and your mobile devices, and understand how criminals use scams to try to defraud people.

This fact sheet prepared by the Australian Bankers' Association (ABA) and the AFP provides some useful information and some simple security steps to protect your valuable personal information.

Phishing

Phishing involves using a form of spam to fraudulently gain access to people's internet banking details. The term 'phishing' refers to the use of spam e-mails purporting to be from a bank, in this way criminals 'fish' for legitimate bank customer's logon information.

Criminals send out millions of these fraudulent e-mails to random e-mail addresses in the hope of luring unsuspecting innocent persons into providing their personal banking details.

Typically, a phishing email will ask an internet banking customer to follow a link to a fake banking website and enter his or her personal banking details.

If the link is followed, the victim often also downloads a malicious program which captures his/her keyboard strokes including any typed information such as banking login details and sends them to a third party.As well as targeting internet banking customers, phishing emails may target online auction sites or other online payment facilities.

Legitimate banks do NOT send such emails to their customers.

The AFP works with the financial sector, internet security industries and relevant organisations to investigate crimes associated with phishing emails.

What you can do

It is important to also make others aware about these emails and encourage them to never respond to requests for personal details. Some email frauds/scams can seem extremely convincing, hence their effectiveness for criminals.

The AFP suggests that you treat phishing emails as spam delete them without opening. Spam emails are a proven method for distributing viruses and other unwanted programs.

It is not necessary to forward these emails to the AFP. Financial institutions and the AFP are made aware of current phishing emails as they happen via internal partnerships.

If you believe you are a victim and have lost money as a result of phishing activities, please contact your financial institution immediately.

Mule Recruitment

Diagram explaining mule recruitment

'Mule Recruitment' is an attempt to get a person to receive stolen funds using his or her bank account, and then transfer those funds to criminals overseas.

Usually, criminals send out millions of fraudulent job and employment emails to random email addresses, in the hope of involving unsuspecting, innocent persons in their criminal activity.

The AFP advises that you should ignore and immediately delete any such emails.

If you have received money in your bank account, transferred or attempted to transfer money overseas under these circumstances, please contact your financial institution immediately.

Depending on the situation, it is possible that people who agree to participate in such 'jobs' may be prosecuted.

Other methods of Mule recruitment

Online criminals are now finding additional ways to launder funds which have been stolen from Australian bank customers.

The new methodology expands on existing money laundering scams; criminals advertise jobs on popular employment or job-seeking websites, online in chat rooms or through unsolicited employment emails.

In this instance, the Mule receives electronic or associated goods, purchased using fraudulently obtained funds. The Mule is then provided with instructions on how and where to forward the goods, and is promised payment of up to $4,000 per week for their services.

Mules unknowingly ship this equipment off, normally to an overseas address, and are often not paid for this "employment".

Depending on the circumstances, Mules may also face prosecution. A conviction for an offence of money laundering may carry a penalty of up to 20 years imprisonment.

If you have received money in your bank account, or have received and/or forwarded goods under these circumstances, please report the incident to your bank and the nearest State or Territory police station.

Depending on the circumstances, people engaged in the laundering of stolen funds may be prosecuted.

Investment and Fund Management companies should also be aware that organised crime groups also appear to be utilising B-Pay to transfer stolen funds from victim accounts to accounts held by the management companies. Accounts are often held in false names or the result of an identity takeover. Stolen funds are then transferred from the managed fund accounts to an alternate account where the crime groups withdraw cash at a branch.

Investment companies should be aware of this methodology and audit transactions to prevent the loss of funds.

Shopping and auction site fraud

In order to decrease the risk of online fraud happening to you when using online auction sites or conducting transactions over the Internet, you should familiarise yourself with the advice provided by the Australian Competition and Consumer Commission (ACCC), this can be found by visiting www.accc.gov.au.

Regarding online transactions, it is advisable to select a secure payment service yourself rather than accept advice from the seller. Do not click on links to banking or similar services provided in emails as these may lead to fraudulent sites. If you receive a suspect email, the best course of action is to delete it immediately. Do not follow any links, or reply to the sender. By following a link, you may accidentally download a 'Trojan' or 'key logging' program, which could compromise your security. By replying, you run the risk of receiving more emails from this source.

Scams

'Nigerian letter' or '419' scams, as well as 'lottery' or 'Spanish lottery' scams, attempt to lure victims into a type of fraud known as an 'illegal advance fee'. They typically arrive via email.

Criminals send out millions of these fraudulent spam emails to random email addresses in the hope of enticing someone to respond.

Although the stories in these scams vary widely, after an initial exchange of conversation or emails with the victim, they all usually ask victims to provide bank account or personal details in order to receive a fictitious financial windfall.

The promised windfall may be lottery winnings, a huge inheritance, a multi-million dollar bank transfer, etc. While the windfall payment is never made, victims pay large sums of money to cover various false costs and fees.

As a general rule, we recommend that you apply the standard 'physical world' test to any online proposition: if it sounds too good to be true, it probably is. You can learn more about scams at www.scamwatch.gov.au.

Spam

is unsolicited commercial messages sent via email, SMS, MMS and other, similar electronic messaging media. They may try to persuade you to buy a product or service, or visit a website where you can make purchases; or they may attempt to trick you into divulging your bank account or credit card details. The Australian Communications and Media Authority (ACMA) is the appropriate Government Agency to approach regarding any specific enquiry or complaint about spam. They can be contacted at www.acma.gov.au.

The AFP works cooperatively with relevant agencies in Australia and overseas to reduce the incidence and impact on the global community of such activity.

General advice

If you receive a suspect email, the best course of action is to delete it immediately. Do not follow any links, or reply to the sender. By following a link, you may accidentally download a 'Trojan' or 'key logging' program, which could compromise your security. By replying, you run the risk of receiving more emails from this source.

Identity theft

A large part of online crime is now centred on identity theft which is part of identity fraud and specifically refers to the theft and use of personal identifying information of an actual person, as opposed to the use of a fictitious identity. This can include the theft and use of identifying personal information of persons either living or dead.