Identity fraud: How one email wiped out $300m – and sender walked free

A single email wiped $300 million off the value of an Australian mining company, after an environmental activist, Jonathan Moylan, created a “corporate email” address, used identity fraud to impersonate a press officer, and sent a press release to media organizations which suggested the company faced severe financial difficulties.

The Guardian reports that the activist sent an email from the domain, “” and used ANZ logos to make his fiction more convincing. He also had access to a group of media outlet contacts, which he used to perpetrate his scam.

The release, which used the name of ANZ’s serving press officer, with a phone number directed to Moylan, was picked up by media outlets. During trading thereafter, $300m was wiped off the mining company’s value.

Cybercriminal gangs use similar identity fraud tactics (as reported by We Live Security here) – aiming scam emails at contacts relating to news stories,  in the name of real companies, in the hope of earning money. Moylan’s lack of financial motive was a key factor in his suspended sentence, the judge said.

This summer, a similar tactic was employed against a leaked list of people who had enquired about the auction for Bitcoins from the “dark market”. Silk Road provided a target for phishing scammers – and at least one site fell for the scam emails.

Identity fraud – a potent weapon for cybercrime

A reported 100 Bitcoins ($63,300) were stolen from Bitcoin Reserve via a fake login page which harvested email credentials, according to TechCrunch’s report.

Coindesk reports that the scam targeted individuals on a list of people who had expressed interest in the auction for Bitcoins from Silk Road. The list was leaked after a member of the U.S. Marshals service used CC instead of BCC on an email.

‘Not a criminal in the classic sense’

The Register reports that the country’s supreme court gave Moylan a suspended sentence, saying that despite the fact that “Some investors lost money,” the activist was “not a criminal in the classic sense.”

The attack came in the form of a release claiming that ANZ Bank had withdrawn a loan from the mining company, totalling $1.2bn, relating to an open-cut coaline. Moylan added that the bank was withdrawing due to “corporate responsibility,” according to The Register.

Justice Davies said, “It is clear the offender has been prepared to break the law on a number of occasions to further the causes which he believes in.”

Author , We Live Security

Follow us

Copyright © 2017 ESET, All Rights Reserved.