Two men allegedly behind a phishing scheme that saw thousands of Australian consumers targeted and many scammed out of tens of thousands of dollars have been arrested in NSW.
Police will allege the men were part of an Australian-based fraud syndicate working to steal identities and money from thousands of Australians through a sophisticated SMS phishing scheme.
They posed as Australian banks and telecommunications companies, misleading victims into providing their personal or financial account information, police say.
Using SIM boxes, which are capable of sending tens of thousands of text messages at a time, the group fleeced 45 customers from one bank alone - in one instance stealing more than $30,000 from a single customer.
One telecommunications provider identifying more than 49,000 messages sent to its customers within the span of one week.
The AFP and NSW Police searched properties in Burwood and Macquarie Park on Tuesday, where they seized nine SIM boxes, hundreds of SIM cards, and multiple electronic devices, including mobile phones, laptops and hard drives.
Fake ID documents, over $50,000 in cash, a money counter, methamphetamine and drug paraphernalia were also seized.
AFP Cybercrime Commander Chris Goldsmid said the sophistication and scale of the attacks was extreme.
"This fraud syndicate had absolutely no regard for the hardworking Australians they stole from, victims who may be struggling since the bushfires and COVID-19 hit the nation," Cmdr Goldsmid said in a statement.
A 50-year-old Macquarie Park man was arrested and charge with a string of offences including eight counts of giving false or misleading information, one count of dealing in identification information and one count of using a telecommunications network to commit a serious offence.
He was remanded in custody and will face Sydney Central Local Court on November 18.
A 36-year-old Burwood man will be charged with similar offences at a later date.
These kinds of scams wouldn't work if people heeded the advice to never provide confidential personal information to people you don't know and can't identify, NSW Police Cybercrime Squad Commander Detective Superintendent Matthew Craft said.
"Legitimate businesses will never call or SMS customers seeking confidential information. Always be suspicious when you receive such requests," he said in a statement.