A man has been arrested following an international police investigation into a huge phishing campaign impacting victims across 11 countries.
The Australian Federal Police (AFP), which led the operation, said that a 31-year-old Ukrainian citizen was taken into custody accused of developing phishing tools and distributing them.
He also allegedly offered advice to cybercriminals on dark web forums, informing them on how to use the products, and allegedly conducted phishing scams himself. The man has not been identified by police.
Large-scale operation
AFP Cybercrime Operations began its investigation in December 2018 following information gained from Australian bank institutions, a press release reads.
The campaign in question was responsible for 50% of all phishing attempts made against Australians in 2019, the AFP said.
Police haven’t released technical details related to the tool, but confirmed it was used in SMS-based phishing attacks.
“The information indicated that cybercriminals were using a Universal Admin phishing kit to steal user bank login details and intercept outgoing transactions,” the release reads.
Police said that “tens of millions” of Australian dollars were stolen using the phishing kits. The number of victims has yet to be confirmed.
‘Clear message to cybercriminals’
The AFP said it worked with international law enforcement agencies including the National Police of the Ukraine, the US FBI, Europol, as well as police forces in Finland and Lithuania.
AFP commander of cybercrime operations Chris Goldsmid said: “The arrest in the Ukraine is a clear message to cybercriminals everywhere; it doesn’t matter if you live in Australia or across the world, the AFP is working with its domestic and international partners to tackle the global threat of cybercrime and your activities are being targeted by multiple law enforcement agencies.”