Criminals utilized a public communication channel with Australia’s cyber police to defraud local citizens of digital assets.
According to the AFP, unknown individuals illegally intercepted personal data such as emails and phone numbers through the Joint Policing and Cybercrime Coordination Centre’s database.
This information enabled them to send fraudulent requests on behalf of victims via the national online crime alert system ReportCyber.
According to the report, one victim received a call from someone posing as a police officer. The caller claimed the victim’s name appeared in a data breach list of cryptocurrency wallets and provided an official incident reference code from ReportCyber.
The victim verified the information on the website, where indeed their email was listed, data obtained by the perpetrators through the breach.
The scammers then called back, posing as the exchange’s “support service,” and requested the transfer of funds to a “secure wallet.” At this point, the victim became suspicious and terminated the communication.
In several other instances, similar methods such as “spoofing” phone numbers were employed.
AFP Detective Superintendent Mari Anderson stated that the new scam created an “appearance of legitimacy”:
“Cybercriminals conduct a verification process of the victim’s personal data, which may align with common expectations. Moreover, they quickly transition from messages to calls, creating a sense of urgency.”
She noted that the incident highlights increasingly sophisticated and calculated methods used by fraudsters to exploit the trust of Australians.
Back in September, a user lost 783 BTC in a social engineering attack. The perpetrators posed as representatives of a cryptocurrency exchange and a hardware wallet support service.