## Global Phishing Scam Dismantled, Five Australians Arrested
The Australian Federal Police (AFP) announced the arrest of five Australians among 37 individuals involved in a global phishing scam that targeted tens of thousands of people. The scam, involving 10,000 cybercriminals worldwide, utilized the platform LabHost to trick victims into divulging personal information like online banking logins, credit card details, and passwords.
Among the victims were 94,000 Australians. Police arrested two men, one each from Melbourne and Adelaide, who allegedly used LabHost and charged them with cybercrime offenses. Three other men in Melbourne were arrested for drug offenses.
AFP Acting Assistant Commissioner for Cyber Command Chris Goldsmid stated that the Joint Policing Cybercrime Coordination Centre made the arrests following an international takedown of the cybercrime platform. He explained that LabHost was marketed as a one-stop-shop for phishing, a technique used by cybercriminals to trick victims into providing personal information for criminal purposes or stealing money.
The AFP alleges that LabHost impersonated over 170 fraudulent websites, including reputable banks, government entities, and other major organizations, to deceive unsuspecting victims. By clicking on the links, cybercriminals could obtain sensitive information like one-time pins, usernames and passwords, security questions, and passphrases. This information could then be used to access legitimate enterprises, such as financial institutions, and steal funds from victims' bank accounts.
LabHost, originating in Canada, initially targeted North America before expanding to the United Kingdom, Ireland, and eventually becoming global. Australian criminals were among the top three user countries. Cybercriminals would subscribe to the website for $270 per month and receive phishing kits, including infrastructure for hosting phishing websites, email and text content generation, and campaign overview services, enabling them to exploit victims effectively.
The international operation involved 200 officers from New South Wales, Victoria, Queensland, Western Australia, and the AFP. Twenty-two search warrants were executed across five states, including 14 in Victoria, two in Queensland, three in NSW, one in South Australia, and two in Western Australia.
Last year, Scamwatch received 108,000 reports of phishing attacks, amounting to $26 million in losses. Acting Assistant Commissioner Goldsmid warned those using LabHost that they should not expect to remain anonymous. The AFP is working to identify anyone who has used the platform to target innocent victims.
The AFP urges individuals to access information online to help them spot a phishing scam, including videos available on their YouTube channel. Victims can contact police to report the attack or visit cyber.gov.au.