Australians have lost millions to phishing scams. This man teaches criminals how to do it | 7.30
Summary
TLDRThe video script details the alarming rise of online tax fraud in Australia, with over 15,000 victims and losses exceeding half a billion dollars. It features Michaela Hul, a new mother who fell for a phishing scam, leading to scammers opening a bank account in her name and stealing funds. The narrative also uncovers a global phishing network, 'Bullet Prof Link,' operated by a Malaysian businessman, Adrien Bin Katong, who sold fake login pages and offered tutorials to scammers. Despite his arrest, Katong has yet to be charged, and the phishing activities continue, highlighting the urgent need for cyber security and justice for victims.
Takeaways
- π Michaela, a new mother from Germany, became a victim of online tax fraud in Australia, highlighting the global reach of such scams.
- π² She received a deceptive text message that appeared to be from the government, prompting her to log into a fake website.
- π¨ After realizing the website was fraudulent, Michaela changed her password and reported the incident but received no response from the authorities.
- πΈ Scammers, using her stolen credentials, managed to fraudulently obtain a tax refund of $16,000 that Michaela was not entitled to.
- π’ The Australian Tax Office (ATO) has seen over 15,000 victims of online tax fraud, with losses amounting to half a billion dollars.
- π The script reveals the existence of a global phishing network where stolen credentials and fake web pages are traded.
- π€ Gabor Sari, a cybersecurity expert, discovered a server hosting hundreds of fake login pages, leading to the uncovering of a large-scale phishing operation.
- π Gabor's investigation led to the identification of a key facilitator of these scams, a Malaysian businessman operating under the name 'Bullet Prof Link'.
- π’ This businessman offered a range of phishing services, including fake login pages and tutorials, catering to a wide range of cybercriminals.
- πΌ Beex Kned, a cyber investigator, was contracted by the Australian government to trace the cyber attack, leading to the identification of the same Malaysian suspect.
- π Despite the businessman's arrest, he has not been charged, and his phishing activities continue, indicating the challenges in combating cybercrime.
Q & A
What was the significant event in Michaela's life during her first year in Australia?
-Michaela became a mom and had a newborn during her first year in Australia.
What prompted Michaela to realize she had fallen for a scam?
-An unusual Red Alert flashed across the screen after she clicked on a text message reminding her to lodge a tax return.
What was the fraudulent action taken by scammers in Michaela's case?
-Scammers opened a bank account in Michaela's name and stole funds from the Australian Tax Office (ATO).
How much money did the ATO lose due to online tax fraud over the past couple of years?
-The ATO lost a staggering half a billion dollars due to online tax fraud.
What was the name of the website that Gabor Sari discovered was linked to a global phishing network?
-The website was called Bullet Prof Link.
What services did Bullet Prof Link offer to cyber criminals?
-Bullet Prof Link offered fake login pages for various services like myGov, Dropbox, or Microsoft, and even provided phishing tutorials for beginners.
Who was the key facilitator of the phishing scams that Gabor Sari helped to uncover?
-The key facilitator was a Malaysian businessman named Adrien Bin Katong.
What was the outcome of the investigation led by Beex Kned into the phishing attack on an Australian government agency?
-Beex Kned identified Adrien Bin Katong as the suspect behind the phishing attack and shared the information with the Malaysian police and the FBI.
What was the status of Adrien Bin Katong after his arrest in relation to the phishing network?
-Eight months after his arrest, Adrien Bin Katong had still not been charged, and his phishing activity continued through his Telegram page.
What was the role of the Australian Federal Police (AFP) in the investigation of the phishing network?
-The AFP worked with Beex Kned, received the dossier on the phishing network, and shared the information with the Malaysian police.
Outlines
π¨ Online Tax Fraud and Identity Theft Exposed
Michaela, a new mother and recent immigrant to Australia, fell victim to a phishing scam involving a fake tax return notification. Despite quickly recognizing the scam and changing her password, her information was already compromised. Scammers opened a bank account in her name and fraudulently claimed a tax refund. The Australian Tax Office (ATO) has seen a significant rise in online tax fraud, with over 15,000 victims and losses exceeding half a billion dollars. The video reveals the operations of a global phishing network, where stolen credentials and fake webpages are traded. Gabo Sari, a cybersecurity expert, uncovers the network and identifies a key facilitator, exposing the dark side of a seemingly successful individual in Malaysia.
π Unmasking the Cybercriminal: The Malaysian Connection
Gabo Sari's investigation leads to the identification of a Malaysian businessman, Adrian Bin Katong, who operates a website selling phishing tools and services. His public life contrasts sharply with his illicit activities, which include selling fake login pages and offering tutorials for novice scammers. Beex Kned, an investigator, is brought in to assess a phishing attack on an Australian government agency. She identifies the same Malaysian businessman as the suspect, linking him to the attack through a driver's license photo. Despite his arrest, Adrian Bin Katong has not been charged, and his operations continue unabated, highlighting the challenges in prosecuting cybercriminals.
π The Persistent Threat of Phishing: A Global Issue
The video concludes with a look at the ongoing challenges in combating phishing scams. Despite Adrian Bin Katong's arrest, his business activities continue, suggesting that the fight against cybercrime is far from over. The Australian Federal Police (AFP) and Malaysian authorities are still gathering evidence, but the lack of charges and the persistence of phishing activities underscore the complexity of the issue. The story serves as a cautionary tale, reminding viewers of the importance of vigilance in the digital age and the need for continued efforts to combat cybercrime.
Mindmap
Keywords
π‘Tax Return
π‘Scam
π‘Phishing
π‘Red Alert
π‘Password
π‘ATO (Australian Taxation Office)
π‘Fishing Network
π‘Identity Theft
π‘Cybersecurity
π‘Malaysian Police
π‘Dark Web
Highlights
Michaela, a new mother in Australia, fell victim to a tax-related scam in 2023.
Scammers used a fake government login page to steal personal information.
Despite reporting the scam, Michaela received no response from the authorities.
Scammers opened a bank account in Michaela's name and stole funds.
Over 15,000 victims of online tax fraud have been reported in Australia.
The Australian Tax Office (ATO) lost half a billion dollars to scams.
Gabor Sari, a cybersecurity expert, discovered a global phishing network.
Phishing templates for popular services were sold on the dark web.
Bullet Prof Link was identified as a one-stop shop for identity theft tools.
The owner of Bullet Prof Link was inadvertently revealed in a tutorial video.
The key figure behind the scam operation was identified as a Malaysian businessman.
Adrien Bin Katong was arrested but has not been charged due to lack of evidence.
Despite his arrest, Katong's phishing activity continued unabated.
The Australian Federal Police (AFP) is working with foreign partners on the case.
The Malaysian police confirmed they are still gathering intelligence on the case.
The impact of a single click can lead to significant financial and personal loss.
Transcripts
I'm from Germany I was new to Australia
it was my first year where I had to do a
tax
return 2023 was a big year for Michaela
hle she moved to a new country and
became a
mom I had a newborn and she was around
10 weeks old at the time so I didn't
sleep a lot early one morning m a
received a text message reminding her to
Lodge a tax return I just clicked the
text and then I was forwarded to my
government login page it said you need
to put in your name your date of birth
your
address then an unusual Red Alert
flashed across the
screen and that's when I thought oh no
this was a false website and I just fell
for it
Michaela quickly changed her password
and reported the scam attempt to MAV but
never got a response 7 days later she
received a letter from the tax
office yeah so this is the letter I was
sent um from the AO for so you see the
date is the 6th of October so it was
quite rapidly afterwards um so seven
days after you receive the text you get
a refund for 16,000
Michaela was never entitled to a refund
and never saw the money scammers had
opened a bank account in her name and
stolen those funds from the
atto you can change in a single day in
your ATO account your bank details your
email your phone send off a tax return
and get paid 6 days later
$116,000 yeah I definitely thought I I'm
probably not the only
[Music]
one Michaela hul is one of more than
15,000 victims of online tax fraud in
Australia over the past couple of years
in that time the ATO lost a staggering
half a billion dollars now 7:30 can
reveal the identity of one of the key
facilitators of these scans we take you
inside one of the world's largest
fishing
operations with a multi-billion dollar
business across the globe they are
getting better and better and more and
more successful you could use it for
cracking passwords hacking passwords you
could for the past 15 years gabo sari
has worked to protect businesses from
cyber attacks when he received a fishing
email in 2020 he was surprised by how
authentic it
looked apparently it came from a an
accountant in Sydney it looked
legitimate it had perfect language it
was perfect perfectly written uh I
recognized it was a scam uh so instead
of signing in with my uh actual creden
first I decided to dig into it but the
interesting thing is Hagar that if you
look into the source code of this
website the email he'd received was
linked to a global Fishing Network where
stolen credentials and fake web pages
are bought and
sold I managed to find out that hundreds
of other fake login Pages were using the
same server for collecting the usernames
the stolen usernames and passwords I was
going down the rabbit Hall and I
eventually found out who owns this
server so what we can see on the screen
is one of the signin Pages what he found
was a One-Stop shop for identity theft
called bullet Prof link for up to $100
you could buy fake myv Dropbox or
Microsoft login Pages all designed to
fall unsuspecting people into giving up
their personal
details bullet Prof link was a selling
fishing templates for mygov and
potentially hosting mygov uh login Pages
fake login Pages as well so as you can
see on the screenshot The Man Behind
this operation has given given thousands
of scammers the tools to defraud people
all over the
world he even offered fishing tutorials
for
beginners that scammer was uh
demonstrating how uh the fishing
template can be installed how it can be
hosted and how it
works that's when Gabor had a
breakthrough in one of these tutorials a
key figure inadvertently revealed their
identity
[Music]
this person had a very public life on
social media this person lives in
Malaysia uh what you can see that he has
a successful life he purchased several
cars in the past few years a motorbike
probably what his friends and family
don't know uh is the Dark Truth where
the actual money is coming
from how did you feel about unmasking
the scammer it was a relief because
finally I could put a name and face on a
on a scammer and uh I was hoping that
finally this person could be brought to
justice so perhaps I can show gabos of
Mari shared everything he found with
Malaysian police and the FBI in October
2020 around the same time scammers
struck an Australian government agency
the initial brief was fairly
straightforward in terms of you know
we've experienced a fishing
attack perth-based investigator beex
kned had spent years tracking cyber
criminals on behalf of government and
private clients she gets called in to
investigate when cyber criminals
infiltrate an
organization in my case you're coming in
when something has gone
wrong beex United W name her government
client but was engaged to find those
responsible they wanted to know have we
identified all of the compromised
accounts have they stolen financial
information um you know what were the
consequences they wanted to know well
why did they do this what were their
motivations who's behind this within
days she identified a suspect it was the
same Malaysian
businessman getting to the stage where
you can identify the person behind the
attack is quite hard and rare one of the
things that I came across was a
photograph of driver's license to
connect him to that malicious
activity based in sabba on the island of
Borneo Adrien Bing katong looks like a
devoted Family
[Music]
Man bullet Prof link uh website was an
e-commerce website just like any other
business might be selling online Goods
except his online goods were illegal on
the dark web no on the clear web you can
find it on Google so not hidden at
all in just a couple of years Adrien
Kong had expanded his operation
offering cyber criminals a range of
fishing products and
services his activity uh started ramping
up in 2020 he was increasing his prices
started offering Services um like
conducting fishing attacks on behalf of
other people so they didn't need to put
in the work he catered to a broad range
of
criminals how much money is he making
out of all of this based on his own
claims a million dollar in One Financial
year this is where Adrian katong built
his fishing Empire by 2021 he had about
8,000 clients if each of those actors
had one fishing site that generated a
few thousand victims over a month um if
you do the math on
that now a cyber investigator Frank
branti was working with the afp's cyber
crime unit when he received beex kned
files on the fishing
network not every investigation starts
with um you having a comprehensive
dossier on on you know how large an
operation is um who's behind it uh what
country they live in and a picture of
their house uh beex had done a really
good job of pulling all the pieces
together the AFB shared their
information with the Malaysian police in
November last year Adrien bin katong was
arrested the AFB put out this press
release there was a lot of evidence that
pointed towards katong um you know from
what I saw um it looked pretty damning
but again it's not always what we know
it's sometimes what we can
prove 8 months after his arrest Adrien
bin katong has still not been charged
beex kned says he's rebuilding his
business throughout his arrest the posts
continued on his telegram page
advertising the services so yeah the
fishing activity definitely continues
for him to have been doing this without
consequences and in the open you know is
pretty pretty
incredible beex KN is watching closely
to see what happen
next I've got a pile more information
that I can share but you know I'd really
like to see Justice for the
victims the AFB declined to respond to
our detailed questions saying it
continues to work with foreign Partners
on this case the Malaysian police told
the ABC it is still Gathering Intel for
more analysis confirming no charges have
been laid against Adrien katong
Adrian katong did not respond to our
messages there's just a small Split
Second of where you not
thinking correctly you click and that's
it
Browse More Related Video
5.0 / 5 (0 votes)