AFP contributes to takedown of global cybercrime threat

Editor's note: Imagery of the arrest in Ukraine is available via hightail and is attributed to the National Police of Ukraine

An Australian Federal Police operation has led to an international investigation into one of the world's largest phishing services that has impacted 11 countries.

The alleged offender developed a phishing package and administrative panel involved in approximately 50% of all phishing scams in Australia in 2019.

AFP Cybercrime Operations began an investigation into a series of phishing scam services in December 2018 following information provided by Australian banking institutions. The information indicated that cybercriminals were using a Universal Admin (U-Admin) phishing kit to steal user bank login details and intercept outgoing transactions.

AFP investigators worked closely with domestic and international partners to track and identify the developer of the U-Admin responsible for the phishing kits used to steal millions of dollars from Australian bank account holders.

The AFP shared the information it had gathered on the developer with the National Police of Ukraine and the US Federal Bureau of Investigation (FBI). The investigations continued offshore and resulted in the arrest of a 31-year-old Ternopil man in the Ukraine last week.

Police allege the man not only developed the U-Admin phishing kits used to steal tens of millions of dollars from 11 countries, but was also involved in sending phishing scams and conducted demonstrations on the DarkNet for cybercriminals to better understand how to use his products.

The total number of victims and amount stolen as a result of these scams is still being determined with investigations continuing.

The AFP's close working relationships with its Australian banking, telecommunication and government partners, including NAB, Commonwealth Bank of Australia, Westpac, ANZ, Australian Cyber Security Centre (ACSC), the Sydney Joint Cyber Security Centre (JCSC), the Australian Communications and Media Authority (ACMA), and Telstra, contributed to the investigation in identifying and tracking the anomalies in customers' transactions and identifying victims of these phishing scams.

Significant involvement from the AFP's international partners, including the National Police of the Ukraine, US Federal Bureau of Investigation, Europol and the Police of Finland, and the Lithuanian Police Force, resulted in the takedown of this particular cybercrime threat impacting 11 countries.

AFP Commander Cybercrime Operations Chris Goldsmid said Australians should be wary of unsolicited emails or text messages that contain requests for personal information or links to websites.

"The AFP encourages any Australian who believes they have been the victim of a phishing scam or notices anomalies in their banking transactions to contact their bank and also report the matter using Report Cyber at cyber.gov.au," said Cmdr. Goldsmid.

"The arrest in the Ukraine is a clear message to cybercriminals everywhere; it doesn't matter if you live in Australia or across the world, the AFP is working with its domestic and international partners to tackle the global threat of cybercrime and your activities are being targeted by multiple law enforcement agencies."

How the alleged phishing scam worked

U-Admin is a phishing framework that, in this case, enabled cybercriminals to steal login details from bank account holders.

The developer of the U-Admin phishing kits allegedly created the tools cybercriminals needed to send tens of thousands of SMS phishing scams with links to replica banking websites. For example, you receive a message telling you to confirm your bank account details to avoid suspension and to click on a link to log in.

The intent of the SMS phishing scam was that once someone clicked on the link and entered their login details into that replica banking website, the cybercriminal gained control of their bank account, including the authentication token code.

The cybercriminal who allegedly purchased the phishing kit from the developer now had two ways of stealing that account holder's money. They could log in and transfer the funds out of the account, or they could intercept future transactions the account holder makes. For example, you transfer $500, and the cybercriminal intercepts the transfer and changes the recipient details so they get the money and the $500 never reaches its intended destination.

For tips on identifying a scam (phishing) message, visit the Australian Cyber Security Centre website.

If you are a victim of cybercrime, you can report it online or contact the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371).

Media enquiries

AFP Media: (02) 5126 9297
