Melbourne woman sentenced after stealing millions from super, share trading accounts

The amount stolen is estimated to be more than $3.3 million. Attempts were made to steal an additional $7.5 million from the victims’ super and share accounts. The group also laundered an additional $2.5 million through the purchase, and on-selling, of luxury goods in Hong Kong.

The woman was sentenced to five years and six months of imprisonment with a non-parole period of four years.

The AFP and the Australian Securities and Investments Commission (ASIC), as part of the Serious Financial Crime Taskforce (SFCT), began investigating the syndicate in late 2018. 

On 30 April 2019, AFP and ASIC investigators executed search warrants at the then 21-year-old’s Derrimut residence, after intercepting her at Melbourne Airport as she returned to Australia from Turkey. An examination of her laptop computer and mobile phones identified the details and images of hundreds of stolen identification documents. Hard-copy documents used to facilitate the offending were also located and seized.

The investigation — codenamed Operation Birks — showed the woman worked as part of an international criminal syndicate that used fraudulently obtained identities to commit large-scale and sophisticated cyber crimes.

Stolen identity information purchased from darknet marketplaces, together with single-use telephone SIM cards and fake email accounts, were used to undertake an “identity takeover” of unsuspecting victims.

These false identities were created to mimic real individuals who unknowingly had their identities compromised and were then used to open bank accounts at various Australian institutions. Investigators found at least 60 bank accounts created using these mimicked identities.

Once the false identities and accounts were established, the syndicate illegally accessed and stole money from the superannuation and share trading accounts of these victims.

The offender worked with others to create a cloned website that mimicked the legitimate website of a superannuation fund, using a domain name that was almost identical to the legitimate site. Online advertisements were used to promote the cloned website to bring it to the top of the search engine. The intention was to harvest members’ usernames and passwords when they visited the cloned website (“phishing”). The stolen member information was used to gain unauthorised access to member accounts.

The syndicate withdrew the superannuation savings of victims and deposited them in the fraudulent bank accounts. The stolen funds were laundered by sending them to an overseas contact, who used the funds to purchase untraceable assets such as jewellery and luxury brand items in Hong Kong. These were then sold, and the money was remitted to the offender in Australia through cryptocurrencies.

AFP Commander Cybercrime Operations Chris Goldsmid said this complex investigation revealed cyber crime occurring on multiple levels with devastating impacts for the victims.

“The consequences of these breaches are far-reaching and can be traced back to cyber crime offences that can impact everyday Australians.

“We saw identity theft — where innocent victims had their personal details stolen and sold online in darknet marketplaces — hacking and phishing.”

“This investigation shows the devastating impacts that identity compromise can have — some people have lost their life savings, or had their retirement plans irrevocably changed because of the callous greed shown by this syndicate,” Commander Goldsmid said.

ATO Deputy Commissioner and SFCT chief John Ford said cyber-enabled crime is an ongoing priority for the SFCT, and it’s becoming more prevalent as criminals have access to rapidly evolving technology.

ASIC deputy chair Sarah Court said data breaches within Australia’s financial system are significant threats, with consequences that can affect people’s savings for retirement.