ARN

AFP investigation lands alleged phishing scam mastermind

The phishing threat impacted 11 countries

An operation by the Australian Federal Police (AFP) has led to the arrest of the alleged developer of a phishing package and administrative panel thought to be involved in roughly 50 per cent of all phishing scams in Australia in 2019.

The AFP’s cybercrime operations unit began investigating a series of phishing scam services in December 2018 following information provided by several Australian banking institutions.

The information garnered by the AFP indicated that cybercriminals were using a Universal Admin (U-Admin) phishing kit to steal user bank login details and intercept outgoing transactions.

The AFP worked with domestic and international partners to track and identify the U-Admin developer responsible for the phishing kits, which were used to steal millions of dollars from Australian bank account holders.

Now, the multi-country investigation has resulted in the arrest of a 31-year-old Ternopil man in Ukraine and the takedown of this particular cybercrime threat, which had impacted at least 11 countries.

According to the AFP, the developer of the U-Admin phishing kits allegedly created the tools cybercriminals needed to send tens of thousands of SMS phishing scams with links to replica banking websites.

The intent of the SMS phishing scam, the AFP said, was that once someone clicked on the link and input their login details into that replica banking website, the cybercriminal gained control of their bank account, including the authentication token code.

Police allege the man not only developed the U-Admin phishing kits used to steal tens of millions of dollars from nearly a dozen countries, but was also involved in sending phishing scams and conducted demonstrations on the DarkNet for cybercriminals to better understand how to use his products.

“The arrest in the Ukraine is a clear message to cybercriminals everywhere; it doesn’t matter if you live in Australia or across the world, the AFP is working with its domestic and international partners to tackle the global threat of cybercrime and your activities are being targeted by multiple law enforcement agencies,” AFP Commander Cybercrime Operations Chris Goldsmid said.

The arrest comes just weeks after the AFP seized a trove of digital devices following a series of search warrants in Queensland relating to the shutdown of DarkMarket, claimed to be the world’s largest illegal marketplace on the dark web.

Those local raids came almost exactly a week after German police arrested a 34-year-old Australian national accused of operating the DarkMarket marketplace, which German police said was used for selling drugs, counterfeit cash, stolen credit card data, anonymous SIM cards and malware.

The Australian man, who was arrested near the border of Germany and Denmark on 11 January, was accused of being an administrator of DarkMarket.