Australians have lost millions to phishing scams. This man teaches criminals how to do it | 7.30

00:04

I'm from Germany I was new to Australia

00:07

it was my first year where I had to do a

00:09

tax

00:11

return 2023 was a big year for Michaela

00:15

hle she moved to a new country and

00:18

became a

00:19

mom I had a newborn and she was around

00:23

10 weeks old at the time so I didn't

00:26

sleep a lot early one morning m a

00:30

received a text message reminding her to

00:33

Lodge a tax return I just clicked the

00:36

text and then I was forwarded to my

00:39

government login page it said you need

00:42

to put in your name your date of birth

00:44

your

00:46

address then an unusual Red Alert

00:50

flashed across the

00:52

screen and that's when I thought oh no

00:55

this was a false website and I just fell

00:59

for it

01:00

Michaela quickly changed her password

01:02

and reported the scam attempt to MAV but

01:06

never got a response 7 days later she

01:09

received a letter from the tax

01:11

office yeah so this is the letter I was

01:14

sent um from the AO for so you see the

01:18

date is the 6th of October so it was

01:20

quite rapidly afterwards um so seven

01:23

days after you receive the text you get

01:26

a refund for 16,000

01:30

Michaela was never entitled to a refund

01:34

and never saw the money scammers had

01:37

opened a bank account in her name and

01:40

stolen those funds from the

01:42

atto you can change in a single day in

01:47

your ATO account your bank details your

01:51

email your phone send off a tax return

01:55

and get paid 6 days later

01:58

$116,000 yeah I definitely thought I I'm

02:01

probably not the only

02:02

[Music]

02:04

one Michaela hul is one of more than

02:08

15,000 victims of online tax fraud in

02:11

Australia over the past couple of years

02:14

in that time the ATO lost a staggering

02:17

half a billion dollars now 7:30 can

02:20

reveal the identity of one of the key

02:23

facilitators of these scans we take you

02:26

inside one of the world's largest

02:29

fishing

02:32

operations with a multi-billion dollar

02:34

business across the globe they are

02:37

getting better and better and more and

02:39

more successful you could use it for

02:41

cracking passwords hacking passwords you

02:44

could for the past 15 years gabo sari

02:48

has worked to protect businesses from

02:50

cyber attacks when he received a fishing

02:53

email in 2020 he was surprised by how

02:57

authentic it

02:58

looked apparently it came from a an

03:01

accountant in Sydney it looked

03:04

legitimate it had perfect language it

03:06

was perfect perfectly written uh I

03:09

recognized it was a scam uh so instead

03:12

of signing in with my uh actual creden

03:15

first I decided to dig into it but the

03:19

interesting thing is Hagar that if you

03:20

look into the source code of this

03:22

website the email he'd received was

03:24

linked to a global Fishing Network where

03:27

stolen credentials and fake web pages

03:30

are bought and

03:32

sold I managed to find out that hundreds

03:35

of other fake login Pages were using the

03:38

same server for collecting the usernames

03:40

the stolen usernames and passwords I was

03:43

going down the rabbit Hall and I

03:45

eventually found out who owns this

03:48

server so what we can see on the screen

03:50

is one of the signin Pages what he found

03:53

was a One-Stop shop for identity theft

03:56

called bullet Prof link for up to $100

04:01

you could buy fake myv Dropbox or

04:04

Microsoft login Pages all designed to

04:07

fall unsuspecting people into giving up

04:10

their personal

04:12

details bullet Prof link was a selling

04:16

fishing templates for mygov and

04:18

potentially hosting mygov uh login Pages

04:22

fake login Pages as well so as you can

04:25

see on the screenshot The Man Behind

04:28

this operation has given given thousands

04:30

of scammers the tools to defraud people

04:33

all over the

04:35

world he even offered fishing tutorials

04:38

for

04:40

beginners that scammer was uh

04:43

demonstrating how uh the fishing

04:45

template can be installed how it can be

04:47

hosted and how it

04:50

works that's when Gabor had a

04:53

breakthrough in one of these tutorials a

04:56

key figure inadvertently revealed their

04:59

identity

05:00

[Music]

05:01

this person had a very public life on

05:05

social media this person lives in

05:08

Malaysia uh what you can see that he has

05:11

a successful life he purchased several

05:14

cars in the past few years a motorbike

05:17

probably what his friends and family

05:19

don't know uh is the Dark Truth where

05:23

the actual money is coming

05:25

from how did you feel about unmasking

05:28

the scammer it was a relief because

05:30

finally I could put a name and face on a

05:33

on a scammer and uh I was hoping that

05:36

finally this person could be brought to

05:40

justice so perhaps I can show gabos of

05:44

Mari shared everything he found with

05:46

Malaysian police and the FBI in October

05:50

2020 around the same time scammers

05:53

struck an Australian government agency

05:59

the initial brief was fairly

06:01

straightforward in terms of you know

06:04

we've experienced a fishing

06:06

attack perth-based investigator beex

06:10

kned had spent years tracking cyber

06:13

criminals on behalf of government and

06:15

private clients she gets called in to

06:18

investigate when cyber criminals

06:21

infiltrate an

06:23

organization in my case you're coming in

06:26

when something has gone

06:28

wrong beex United W name her government

06:31

client but was engaged to find those

06:35

responsible they wanted to know have we

06:38

identified all of the compromised

06:40

accounts have they stolen financial

06:44

information um you know what were the

06:47

consequences they wanted to know well

06:51

why did they do this what were their

06:52

motivations who's behind this within

06:56

days she identified a suspect it was the

07:00

same Malaysian

07:03

businessman getting to the stage where

07:05

you can identify the person behind the

07:07

attack is quite hard and rare one of the

07:10

things that I came across was a

07:13

photograph of driver's license to

07:17

connect him to that malicious

07:22

activity based in sabba on the island of

07:25

Borneo Adrien Bing katong looks like a

07:28

devoted Family

07:30

[Music]

07:32

Man bullet Prof link uh website was an

07:36

e-commerce website just like any other

07:39

business might be selling online Goods

07:43

except his online goods were illegal on

07:46

the dark web no on the clear web you can

07:49

find it on Google so not hidden at

07:53

all in just a couple of years Adrien

07:57

Kong had expanded his operation

08:00

offering cyber criminals a range of

08:03

fishing products and

08:05

services his activity uh started ramping

08:09

up in 2020 he was increasing his prices

08:12

started offering Services um like

08:15

conducting fishing attacks on behalf of

08:18

other people so they didn't need to put

08:20

in the work he catered to a broad range

08:23

of

08:25

criminals how much money is he making

08:28

out of all of this based on his own

08:31

claims a million dollar in One Financial

08:35

year this is where Adrian katong built

08:38

his fishing Empire by 2021 he had about

08:43

8,000 clients if each of those actors

08:46

had one fishing site that generated a

08:51

few thousand victims over a month um if

08:55

you do the math on

08:56

that now a cyber investigator Frank

09:00

branti was working with the afp's cyber

09:03

crime unit when he received beex kned

09:06

files on the fishing

09:08

network not every investigation starts

09:11

with um you having a comprehensive

09:13

dossier on on you know how large an

09:16

operation is um who's behind it uh what

09:19

country they live in and a picture of

09:21

their house uh beex had done a really

09:24

good job of pulling all the pieces

09:27

together the AFB shared their

09:29

information with the Malaysian police in

09:32

November last year Adrien bin katong was

09:36

arrested the AFB put out this press

09:40

release there was a lot of evidence that

09:42

pointed towards katong um you know from

09:44

what I saw um it looked pretty damning

09:48

but again it's not always what we know

09:50

it's sometimes what we can

09:53

prove 8 months after his arrest Adrien

09:57

bin katong has still not been charged

10:01

beex kned says he's rebuilding his

10:04

business throughout his arrest the posts

10:07

continued on his telegram page

10:09

advertising the services so yeah the

10:12

fishing activity definitely continues

10:15

for him to have been doing this without

10:18

consequences and in the open you know is

10:22

pretty pretty

10:24

incredible beex KN is watching closely

10:28

to see what happen

10:30

next I've got a pile more information

10:33

that I can share but you know I'd really

10:35

like to see Justice for the

10:38

victims the AFB declined to respond to

10:42

our detailed questions saying it

10:44

continues to work with foreign Partners

10:46

on this case the Malaysian police told

10:49

the ABC it is still Gathering Intel for

10:52

more analysis confirming no charges have

10:56

been laid against Adrien katong

10:59

Adrian katong did not respond to our

11:02

messages there's just a small Split

11:05

Second of where you not

11:08

thinking correctly you click and that's

11:12

it