Major super funds caught in fraud scandal

Several of Australia's largest superannuation funds were targeted by an online fraud syndicate which siphoned millions from share-trading and super accounts.

A Melbourne woman appeared in court yesterday after allegedly taking part in an online fraud syndicate which used stolen information to access and steal funds from share-trading and superannuation accounts.

According to reports, AustralianSuper, Rest, Hostplus and HESTA have been named as super funds that were targeted by the syndicate, along with LUCRF Super and Club Plus.

The brokers involved have been reported to be CMC Markets, IG Markets and CommSec.

Australian Federal Police and ASIC conducted investigations into the syndicate's activities for over a year.

Working as part of a syndicate, ASIC believes the 21-year-old used stolen information purchased from dark net marketplaces, together with single use telephone SIM cards and fake email accounts, to undertake an "identity takeover".

Once the false identities and accounts were established, ASIC and the AFP allege the syndicate committed cybercrime offences to steal money from the super accounts of these victims, and from their share-trading accounts in ASX-listed companies.

It is alleged the stolen funds were then laundered through an overseas contact to purchase untraceable assets like jewellery and then transferred back to Australia through cryptocurrencies.

"These identities, fraudulently created to mimic real individuals who unknowingly had their identities compromised, were then used to open bank accounts at various Australian banking institutions. Investigations have uncovered at least 70 bank accounts created using fraudulently-obtained identities to date," ASIC said.

In a statement, AustralianSuper spokesperson Stephen McMahon said: "When we became aware of the fraud attempts last year, AustralianSuper immediately reported these irregularities to both the Australian Federal Police and local police."

He added that "less than five" AustralianSuper members were affected and all were contacted.

"A number of new cyber-security measures have recently been implemented by the fund to further protect member accounts. AustralianSuper continues to work to further strengthen our security systems," he said.

A spokesperson for Club Plus told Financial Standard: "Identity theft is an appalling crime and we've been working closely with authorities to aid their investigation, as well as conducting our own review. We have not identified any additional fraudulent activity where a member has not already been contacted."

"We will continue to inform and educate our members about identity theft, particularly via phishing, and the best means to mitigate the risk."

LUCRF Super executive manager, distribution Chris Deakin told Financial Standard the fund is assisting the AFP with its investigation but would not comment any further.

Earlier today, HESTA released a statement on social media which reads: "You may have seen media reports naming HESTA among several super funds targeted by a cyber fraud ring."

"We want to reassure that no HESTA members have lost super. Our systems are designed to detect any unusual activity, so we can act quickly to protect our members' accounts."

A Rest spokesperson also commented, saying the fund is fully cooperating with regulators and law enforcement on the matter.

"Our members can be assured that we have strict controls and processes in place to protect their money. We quickly identify and act on any suspicious attempts to access member information and possible identity fraud. We also report suspicious transactions to AUSTRAC," the spokesperson said.

Australian Administrative Services, owned by Link Group, serves as administrator for Club Plus, HESTA, Hostplus and AustralianSuper. All of LUCRF Super's administration is done in-house.

On the broker side, CommSec also provided comment, saying: "At CommSec, the security of our customers' details is paramount. We continuously invest in our security systems, procedures and account monitoring processes to detect, identify and respond to cyber security threats."

" We also work collaboratively with the Australian Cyber Security Centre, law enforcement agencies and the wider financial services industry in combating cyber crime."

Summing up, AFP manager of cybercrime operations and acting commander Chris Goldsmid said: "The consequences of the breaches we have discovered are far-reaching, and can be traced back to cybercrime offences that impact everyday Australians."

The woman has been charged with multiple offences relating to fraud, unauthorised access of data and dealing with  the proceeds of a crime.

Investigations into the syndicate are continuing, and further arrests and charges have not been ruled out.

Commsec, Hostplus, IG Markets and Rest were also reached for comment.

CMC Markets would not comment as the case is still before the courts.

* This story was updated at 3.40pm to include AustralianSuper's comments.

* This story was updated again at 4.43pm to include CommSec and Rest's comments.

Read more: AustralianSuperCommsecHESTAASICClub PlusHostplusLUCRF SuperAustralian Federal PoliceCMC MarketsFinancial StandardIG MarketsAustralian Administrative ServicesChris DeakinChris GoldsmidLink Group
Link to something OTQqIAlY