AFP logo at EBB Canberra

AFP saves mum and dad business from cyber criminals

24 September 2023, 7:21am
Media Release

AFP saves mum and dad business from cyber criminals

Editor’s note: Audio grabs, case studies and a series of cybercrime education videos are available via Hightail

The AFP has returned $45 million to Australian businesses targeted by cyber criminals in the past three years.

As the AFP today challenges the incorrect belief that once a person has lost their money to cyber criminals they will never get it back, new case studies will be revealed to show how investigators were able to thwart onshore and offshore cyber criminals from scamming Australian businesses.

And ahead of Cyber Security Awareness Month this October, the AFP will today release 11 short videos explaining how to help prevent falling victim to cybercrime – and what to do if targeted.

The videos, which run for 90 seconds, include tips and information about: business email compromise; ransomware/extortion; remote access scams; malicious software; botnets; key loggers; viruses and worms; online shopping scams; remote access trojans and, money muling.

AFP Cybercrime Operations Commander Chris Goldsmid said the common dominator for successful and partial recovery of funds was that victims contacted ReportCyber and their financial institutions as soon as they realised they had fallen victim to cyber criminals - usually within 24 hours.

Commander Goldsmid said self-reported losses to business email compromise scams increased to more than $98 million in 2021-22, with the average loss per successful compromise increasing to more than $64,000.

“Businesses, especially mum-and-dad businesses, are the engine room of Australia. Business owners work hard and the AFP is working hard to protect them from the cyber criminals looking for an easy pay day,’’ Commander Goldsmid said.

Business email compromise is where cybercriminals use a fake email account that looks or sounds similar to a business's real email address, or gains access and compromises a legitimate email account.

Cyber criminals then use these accounts to try and defraud people and businesses out of money or goods.

An example of this is invoice fraud, where cybercriminals compromise a supplier’s email account giving them access to real invoices where they can alter the bank and contact details before sending onwards to customers.

There is also employee impersonation, where cybercriminals use the compromised email account to initiate a fraudulent business transaction, redirect payment of their individual salary or trick employees into revealing sensitive business information.

Commander Goldsmid said a range of domestic criminals and criminal groups, plus those in Africa and Eastern Europe, were targeting businesses in Australia.

Commander Goldsmid said cyber criminals did not discriminate when it came to victims.

“Whether your business is big or small, everyone is at risk, so it’s important to know what to do to protect your business from cyber criminals and stay safe online.

“If you’ve been a victim of business email compromise or any cybercrime make sure you report it immediately to ReportCyber at and you should contact your financial institution if you suspect any unusual account activity.

“If you believe you have been targeted, make compromised accounts secure and notify any impacted third parties. Cybercriminals use these accounts to try and defraud people and businesses out of money or goods.

“To protect your business and accounts, don’t open links or attachments in suspicious emails or from people you don’t know and train your employees to recognise potential phishing emails.

“Also limit levels of access within your business to minimise risk and ensure access is revoked when employees change roles or leave the business.

“Contact the email provider or domain registrar if a cybercriminal is using an email service to impersonate you or your company.”

The AFP’s strong relationships with overseas law enforcement agencies and banks enabled money to be returned to customers, disrupting criminals who thought they were going to have an easy pay day.

The big four banks in Australia have seconded members to AFP’s Joint Policing Cybercrime Coordination Centre - the JPC3 - which uses the powers, investigative and intelligence capabilities of all Australian policing jurisdictions to target high-harm and high-volume cybercrime affecting the Australian community.

“Having banks work closely with the AFP has been invaluable. All four banks are a part of Operation HELIX, an industry-led targeting project designed to identify and combat the biggest sources of harm across the financial sector through cyber-enabled fraud,’’ Commander Goldsmid said.

“Through this project, the banks identified the need to target remote access scams, and assist the policing response in other investigations, such as Operation Dolos, which targets business email compromise scams.”

Operation Dolos includes the AFP, and all state and territory policing partners, the Australian Criminal Intelligence Commission (ACIC), Australian Cyber Security Centre (ACSC), Australian Transaction Reports and Analysis Centre (AUSTRAC), and representatives of the Australian financial sector and international law enforcement

The Australian Cyber Security Centre’s Annual Cyber Threat Report from July 2021 to June 22, revealed it had received more than 76,000 cybercrime reports during that period of time – an increase of 13 per cent compared to the previous financial year.

“Cybercrime is the break-in of the 21st Century,’’ Commander Goldsmid said.

“And for many in the community it is reimaging what a crime scene looks like.

“Any chance I get I like to remind business and the public that they have to think about cybercrime like just any other crime.

“Early engagement is key so law enforcement can investigate while also coordinating with those remediating affected systems.

“For business, we need them to have the muscle memory to call law enforcement immediately to ensure we get the evidence we need to identify those responsible for the cyber attack, disrupt the threat actors and protect their customers or those whose data is compromised.

“This will make it much easier as we work with financial institutions to make it harder for criminals to transfer money out of Australia when it has been obtained from cybercrime including, scams, ransomware and business email compromise.”

Media enquiries:
AFP Media: (02) 5126 9297

Connect with us:
Follow our Facebook, Twitter, LinkedIn, Instagram and YouTube pages to learn more about what the AFP does to keep Australia safe.