The Retail Risk Retailer and Policing Collaboration Award

Woolworths Group Investigations/SOC/Ecomm Fraud

Woolworths Group

In April 2024, the Australian population was targeted by a smishing campaign that sought to direct recipients to a fraudulent landing page purporting to be for Woolworths EveryDay Rewards (EDR). Upon following the smishing link, a highly convincing, but ultimately fraudulent version of the EveryDay Rewards landing page invited customers to share login credentials, account validation procedures, and in some instances credit card details. As chargebacks started to flow through to Woolworths, a number of internal Woolworths business units were alerted to the criminal activity.

By early May 2024 Woolworths Group Investigations, Ecomm Fraud and Security Operations Centre had commenced a collaborative approach to assess the scale of the fraud involved in the smishing incident and implement urgent controls to protect further damage to the company and customers. Specific areas of EDR functionality were shut down temporarily and fraudulent domains were taken down, as Woolworths worked in parallel to build a profile of the threat actors and their methodology. The ultimate cost of the smishing campaign against Woolworths is estimated at $411,000.

Group Investigations collated a significant quantity of data regarding the nature of the fraudulent attack on Woolworths and its customers. Group Investigations approached the New South Wales Police Cybercrime Squad seeking to refer the material for further investigation. At the time of referral, the Cybercrime Squad had been monitoring the activities of an international criminal syndicate involved in the supply of criminal infrastructure used by fraudsters to scam members of the Australian community via a number of different schemes under the auspices of Strike Force KANBI. The syndicate acquired materials including simboxes, simcards and relevant software enabling fraudsters to conduct large scale smishing campaigns including those purporting to be related to tollway payments and tax-related debts.

Information supplied by Woolworths supported efforts by the Cybercrime Squad to identify persons and premises suspected to be involved in the activities of the criminal syndicate of interest. The investigations under Strike Force KANBI were incorporated into a National day of action on 18 July 2024 led by the Joint Policing Cybercrime Coordination Centre (JPC3) under Operation Bourke. A range of significant results were achieved as a result of enforcement activities undertaken during the resolution of Operation Bourke, including:

● Execution of six search warrants in New South Wales and Victoria;
● The arrest and prosecution of six individuals involved in syndicate activities;
● The seizure of 29 simboxes, tens of thousands of mobile simcards, over 500 mobile phones and giftcards; and
● The seizure of $166,000 in cash and luxury vehicles valued at $330,000.

The investigation revealed that the simboxes seized had the capacity to send between 4 and 6 million scam-related text messages daily. In New South Wales alone, the simboxes seized had sent in the vicinity of 318 million scam-related texts over a period of several months.

Smishing is one of the most common tactics deployed by scammers seeking to fraudulently obtain banking and personal information from victims. The impact on the community of removing this syndicate from conducting business is of great significance. NSW Police estimate the operation immediately reduced the volume of smishing throughout Australia by at least 50%.

Woolworths Investigators identified the criminal activity and made a detailed referral to NSW Police. Woolworths provided ongoing support to the Police investigation via the provision of data relating to threat actors seeking to target Woolworths customers, and further by provision of Woolworths staff in the JPC3 operations centre during Operation Bourke resolution activities.

The ongoing assistance to the NSW Police Force demonstrates a high level of commitment by Woolworths to support authorities to protect customers and reduce the harm of fraudsters on the Australian community.

This example of the nature, extent and outcomes from the collaboration between Woolworths and NSW Police Force’s Cybercrime Squad illustrates the real-world benefits of public/private partnerships in countering criminal activity and protecting the community from harm. The benefits derived from partnerships in this context facilitate trust and understanding that can overcome many of the impediments around sharing information and data and ultimately lead to successful outcomes to the benefit of all – except the criminals.

Your Shortlist

Nobody Shortlisted

Total Shortlisted: 0