The Australian Federal Police (AFP) has arrested five men as part of a global raid on a cyber-criminal gang linked to industrial-scale phishing.
The sting relates to the website LabHost, which was used to steal personal information from 94,000 people in Australia, and many more overseas.
According to the AFP, Australians are believed to be among LabHost’s top three user countries.
Two men, one from Melbourne and one from Adelaide, were arrested for using the “one-stop-shop” for phishing, and charged with cybercrime-related offences following the AFP’s investigation, known as Operation Nebulae.
The AFP told iTnews that the Melbourne man faced Melbourne Magistrates Court today charged with one count of failing to provide a password and one count of unauthorised access, modification or impairment with the intent to commit a serious offence.
The Adelaide man went before Elizabeth Magistrates Court charged with seven counts of failing to provide a password.
Three Melbourne men were also arrested by Victoria Police and charged with drug-related offences.
The AFP claimed the investigation has identified more than 100 people in Australia who have used LabHost.
The Europol-coordinated investigation saw 70 simultaneous search warrants executed in multiple countries, leading to the arrest of 37 people globally and the shutdown of LabHost’s domain.
In the UK, police arrested four people who allegedly ran the site, including the original developer of the platform.
In Australia, meanwhile, 200 officers from the AFP’s Joint Policing Cybercrime Coordination Centre (JCP3), executed 22 search warrants across five states. This included 14 in Victoria, two in Queensland, three in NSW, one in South Australia and two in Western Australia.
The arrests follow more than 108,000 Scamwatch reports of phishing attacks last year, which totalled nearly $26 million in losses in Australia.
LabHost alone was said to have the potential to cause $28 million in further losses through the theft of Australian credentials, according to the AFP.
“LabHost is yet another example of the borderless nature of cybercrime and the takedown reinforces the powerful outcomes that can be achieved through a united, global law enforcement front,” said acting assistant commissioner cyber command Chris Goldsmid.
“Australians who have used LabHost to steal data should not expect to remain anonymous.
“Authorities have obtained a vast amount of evidence during this investigation and we are working to identify anyone who has used this platform to target innocent victims.”
Identity takeovers, extortion and blackmail
LabHost allows users to pay around $270 a month for ‘phishing kits’,
This gives members access to up to 40,000 hosted phishing websites that replicate 170 legitimate sites, including those of banks, government bodies and other “major organisations”.
Members were also given email and text content generation and campaign services, which could be used to launch phishing attacks through texts and emails.
According to the AFP, these campaigns tricked people into providing personal information such as online banking logins, credit card details and passwords.
As a result, “victims of phishing attacks are subject to ongoing security risks and criminal offending, including identity takeovers, extortion and blackmail”, added Goldsmid.
At the time of the global police raid, LabHost was used by more than 10,000 people globally, including from the United States, the United Kingdom, Ireland and Australia.