Two examples of business email compromise (BEC) fraud in NSW have resulted in the theft of more than $A4 million, with a hospital and NSW Government department the victims. 

A man faced court on charges by Cybercrime Squad detectives for his alleged role in a scam involving $A2 million from a hospital in Sydney's south west. 

In September 2024, detectives attached to State Crime Command’s Cybercrime Squad established Strike Force Millbon to investigate reports of alleged business email compromise (BEC) fraud of a hospital which resulted in the theft of $2 million through multiple transactions. 

Following extensive investigations, strike force detectives executed a search warrant at a home on Sydney. During the search, detectives located and seized multiple electronic devices. 

A 49-year-old man was arrested at the home and taken to Bankstown Police Station. 

He was charged with recklessly deal with proceeds of crime more than $A5,000. 

Another man faced court this week charged by Cybercrime Squad detectives for his alleged role in scamming the NSW Government of $A2 million 

Detectives identified that a NSW Government department had transferred $2.1 million to who they thought was a legitimate financial institution. 

During a search of the man’s home, detectives also located and seized multiple electronic devices. 

Police will allege in court the man used his bank account to help scammers move the $2.1 million into other accounts. 

Commander of State Crime Command’s Cybercrime Squad, Detective Superintendent Matt Craft, said even big businesses and government organisations can fall victim to BEC fraud. 

“A business email compromise is where the scammer uses what looks like an official email to trick someone within an organisation into sending money on behalf of the company,” Det Supt Craft said. 

“But it’s important to remember that the NSW Police Force works closely with banks and every electronic transaction in Australia leaves a permanent record, so we can act quickly when suspicious activity is identified. 

“Our success in targeting these types of criminals is thanks to the co-operation that exists within the Joint Policing Cybercrime Co-ordination Centre (JPC3) and due to the quick actions all funds were recovered.”