Authorities have detected a surge in scammers from Europe hacking into share trading accounts in Australia and trying to clear them out.
The increased activity has been picked up by the market surveillance team at the corporate watchdog ASIC as part of its work keeping the market honest and watching for insider trading.
This is how the hacking works:
- The scammers set up an account with a large investment bank in Europe. They then buy a lot of penny dreadful shares, the cheaper the better, at a fraction of a cent each.
- Now they’re ready to hack an account in Australia. Once they’re in, they sell all the shares in the Australian account, building a large cash balance.
- They then use that money to buy, at an inflated prices, the cheap shares in the account in Europe, effectively moving cash from Australia.
Greg Yanco, senior executive at ASIC’s Market and Participant Supervision section, says he’d heard from the international regulatory unitIntermarket Surveillance Group of this happening in the US, Canada and Europe a few years ago.
When a scam is detected, ASIC shuts down the account here and contacts regulators offshore, including the Financial Conduct Authority in London, to close the accounts in Europe.
“We get waves of three or four accounts hacked in one day,” Yanco told Business Insider. “It’s never been more than a few thousand dollars at a time. It’s like they’re having a try and seeing if they get caught.
“We’ve stopped them each time … most recently just a couple of weeks ago.”
The activity is picked when analysts, using ASIC’s monitor systems, see that that an account is “doing something stupid”. ASIC monitors 960,000 trades in Australia each day.
In 2013, ASIC replaced the SMARTS surveillance system with MAI (Markets Analysis and Intelligence) which cuts the time taken to conduct searches of trading activity to minutes from weeks or months.
“We detect it because we see someone doing a very unprofitable trade,” Yanco says. “We have an alert called a collusion alert which picks that up and the (ASIC) analysts have been able to work out that it’s been hacked.
“So it’s very important that we have those real-time alerts so we can keep control and ensure those accounts are suspended and the activity stopped.
“It’s been going on for a year now but they haven’t made any money because we’ve picked it up and we’ve locked the money away. Cyber attacks are something that is on our agenda, it’s one of ASIC’s high priorities.”