Fraudster sentenced after stealing millions from super and share accounts

On Friday, the unnamed woman was sentenced to five years and six months’ imprisonment, with a non-parole period of four years, following an investigation conducted by ASIC and the AFP as part of the Serious Financial Crime Taskforce (SFCT).

The SFCT first began investigating the criminal syndicate in late 2018. On 30 April 2019, AFP and ASIC investigators executed search warrants at the Melbourne woman’s residence after intercepting her at Melbourne Airport as she returned to Australia from Turkey. 

An examination of the woman’s laptop computer and mobile phones identified the details and images of hundreds of stolen identification documents. Hard-copy documents used to facilitate the offending were also located and seized.

ASIC and the ATO said that their investigation showed that the woman worked as part of an international criminal syndicate which used fraudulently-obtained identities to commit “large-scale and sophisticated cybercrimes”.

They explained that stolen identity information purchased from darknet marketplaces, together with single-use telephone SIM cards and fake email accounts, were used to undertake an ‘identity takeover’ of unsuspecting victims.

“These false identities were created to mimic real individuals who unknowingly had their identities compromised and were then used to open bank accounts at various Australian institutions. Investigators found at least 60 bank accounts created using these mimicked identities,” ASIC and the ATO said.

“Once the false identities and accounts were established, the syndicate illegally accessed and stole money from the superannuation and share trading accounts of these victims.”

According to ASIC and the ATO, the Melbourne woman worked with others to create a cloned website that mimicked the legitimate website of a super fund using a domain name that was almost identical to the fund’s actual site. 

Online advertisements were used to promote the cloned website and bring it to the top of search engine results, with the intention of harvesting usernames and passwords to gain unauthorised access to accounts.

“The syndicate withdrew the superannuation savings of victims and deposited them in the fraudulent bank accounts,” said ASIC and the ATO.

“The stolen funds were laundered by sending them to an overseas contact, who used the funds to purchase untraceable assets such as jewellery and luxury brand items in Hong Kong. These were then sold and the money remitted to the offender in Australia through cryptocurrencies.”

In a statement, ASIC deputy chair Sarah Court said that data breaches within Australia’s financial system posed “significant threats”.

“Driving good cyber-risk and operational resilience practices in financial services and markets is a continuing priority for ASIC,” she said.

“Where appropriate, we will act to address digitally-enabled misconduct, including scams. We encourage all entities to be cyber vigilant and act quickly to protect consumers.”

Ms Court added that, as the conduct regulator for super, ASIC is particularly concerned at the sophistication and complexity of crimes that aim to defraud people of their retirement savings.

“We encourage Australians to check their super balance and change their passwords regularly, as one way to protect their superannuation from fraud,” she concluded.

The Melbourne woman originally pleaded guilty to the following three offences on 26 November 2021:

• One State based common law charge of conspiring to defraud superannuation funds (successful and attempted fraud totalling $4.7 million)
• One State based common law charge of conspiring to defraud share trading funds (successful and attempted fraud totalling $5.9 million)
• One Commonwealth offence of conspiracy to deal in proceeds of crime to the value of more than $1 million ($2.5 million).