Table of contents
Our crypto scam investigators have received numerous recent reports of individuals being scammed by imposters pretending to be an Australian Federal Police officer. Their main goal is to quickly and efficiently deceive the victim into handing over valuable information, allowing them to steal the victim’s crypto. In this article, we explain what the AFP phishing scam is, how to avoid it and what to do if the damage has already been done.
How this sophisticated scam is conducted
The offenders leverage the personal details of potential victims which likely originate from hacking forums on the dark web and from breached data. Once the scammers have this information, they cleverly submit a fraud report on behalf of the victim to the Australian Government report cybercrime portal, cyber.gov.au. The offenders enter the victim’s email address, so a real fraud report number and automatic email is triggered to the victim from the real report cyber portal.
Then, the criminals contact the victims claiming to be an AFP officer and quote the official report number to gain their trust. If the victim does not immediately believe them, they are advised to search their report on the official cyber.gov.au website with their email, once they see that a report is there, their guard is lowered.
The offenders create false urgency that ensure victims are immediately in the fight or flight mode, a typical response. The scammer tells the victim that they are involved in a serious data breach, and their cryptocurrency accounts are at risk.
During this call the victim is told they’ll be required to attend a local police station in the coming days, so that the police can conduct an interview. As the scammer knows where the victim resides, they even state the name of a nearby suburb, making the scam seem even more believable. The offenders claim that the victim’s crypto is at risk, and that Ledger or another legitimate platform will make contact soon. The second caller contacts the victim quoting the same fraud report number to again build trust. The scammer then directs the victim onto what looks like the genuine Ledger website but is in fact a clone scam website. The clone website looks identical to the real thing and in the rush, there’s very little chance the victim would notice it is not the genuine website.
Once on the website, the victim enters their seed phrase to try to ‘protect’ their crypto and unknowingly give access to the scammers. In this moment, the funds are instantly transferred and taken by the offenders.
Similar Phishing Scam
This isn’t the first time our team have seen phishing scams like this and as a company with over 10 years of experience this is not new to us. In late 2024, we saw a Binance impersonation scam that targeted Binance users. The victims were targeted through a sophisticated SMS messaging; the scammers had found a way to spoof phone number to appear as the actual Binance platform.
What makes the AFP scam so unique
There are several features to this sophisticated scam that make it so believable and damaging.
Our scam investigators have heard from victims that the scammers have Australian and British accents, going against the norm of a Southeast Asian accents that are often associated with scams of this nature. This scam is completely tailored and targeted at Australians, so if the person on the other side of the phone has an Australian accent, it really seems convincing and builds trust.
During the call, the scammers also state that in the following days the victim will be required to attend a local police station and even say a suburb near where the victim resides. This information is likely gained from a previous data breach.
The scam uses a high trust authority; the Australian Federal Police is one of the most credible sources to impersonate. The image the AFP holds as the country’s primary international law enforcement agency is one of trust and authority.
How to avoid the AFP Crypto Phishing Scam
It is important to note that the police will never ask you to transfer money or cryptocurrency to any accounts.
If you’re contacted by anyone, and urgency is created, then we recommend you stop to consider the situation further. Many phishing attacks and impersonation scams rely on the victim feeling pressured and taking immediate action.
If in doubt, stop and conduct your own due diligence, especially when crypto is involved.
If there is a website available you can use our SCAMID tool which will detect and check to see if a website is a scam by showing the level risk that you may be subject to.
If you think you may be receiving a scam call, you can check it by using our scam-phone-number-lookup tool which will rate the number and provide advice on if the number is likely a scam or not. And the number may have even been reported by other online users before a scam.
What to do if I have been a victim of this scam?
If you have lost money to this AFP crypto phishing scam, our scam investigators can assist you in tracing your stolen crypto and identifying those responsible. Recovering money from a scammer is not easy, however, our blockchain investigations have supported many asset recovery cases. By collecting evidence of who is responsible, victims are provided with a chance of getting justice and getting their money back.
As the first Australian company to provide cryptocurrency tracing and crypto investigations to the public, our investigators are the most experienced team available. For an obligation free assessment of your case, contact our team today.
