A 43-year-old Nigerian man has been arrested by NSW Police for orchestrating a $3 million business email compromise scam under the noses of authorities from within Villawood immigration detention centre.
NSW Police said investigators from the State Crime Command’s Cybercrime Squad had made the arrest yesterday after carrying out three search warrants at the facility with Australian Border Force officials.
The man has been accused of directing the activities of a four-person fraud syndicate that is believed to have netted more than $3 million through business email compromises.
The arrests and raids coupled with the large amount of cash is a significant embarrassment for the Department of Home Affairs which controls the facility.
The management of Villawood is outsourced to controversial services firm Serco, which recently won a tender to provide call centre services at Centrelink.
Cybercrime detectives have been investigating criminal syndicates involved with business email compromises and identity theft through Strike Force Woolana since earlier this year.
The 43-year-old man is charged with knowingly directing the activities of criminal group, two counts of knowledge dealing with proceeds of crime, and possessing identity information to commit an indictable offence.
During the search detectives seized 16 mobile phones, SIM cards, identification information, and electronic storage devices.
The arrest follows the earlier arrests of three individuals by the Cybercrime Squad last week.
This includes a 36-year-old woman, who has been charged with 11 counts of knowingly dealing with the proceeds of crime, and two 20-year-old individuals that are also believed to be involved in the scheme.
Cybercrime Squad Commander, Detective Superintendent Arthur Katsogiannis said the arrests were a timely reminded to businesses to review their electronic account payment practices to protect again scams.
“In this day and age, most companies use electronic accounting systems and pay accounts electronically, which can make them susceptible to business email compromise scams,” he said Katsogiannis said.
“We would encourage all businesses to develop systems to combat against scams, including scrutiny of email requests to transfer funds or change account details, and standard procedures to follow to protect against business email compromises.
“While there are many variables, generally, the perpetrators will ‘spoof’ or compromise corporate executive or employee email accounts and send email requests to an accounts payable employee for an electronic funds transfer.
“Staff should be suspicious about these types of requests, and if they take the time to verify the authenticity of the email, whether it be via phone or a fresh email, they can potentially prevent the compromise.