
Beating the Banks: Unlicensed Traders Punch Through Tight Controls

Case of Australian Woman Who Lost $63,000 Highlights Gaps in Stopping Fraud

Jackie Lau, an Australian neuroscientist who recently worked at a major research institute in Sydney, is a bit embarrassed.


Between October and December last year, Lau transferred nearly AU$63,000 (US$49,000) to two online financial trading platforms. She eventually suspected something was amiss when one account showed trades she didn't authorize.

Just a week after a final $16,500 wire transfer in early December to a trading platform called Millennium-FX, Lau was told all of the money had been lost. Millennium-FX is not licensed to offer financial services in Australia.

"I'm too trusting," says Lau, who admits that she's at fault for willingly transferring the funds.

Financial institutions and regulators attempt to keep up with internet-based schemes, flagging suspect companies and bank account numbers. Consumers are warned about the risks involved in sending money to unlicensed financial services.

But it's a never-ending, shifting fight. The sheer number of schemes and the ease with which new ones can be spun up pose deep challenges.

Still, there are questions of "who carries the can here," says David Lacey, founder of IDCare, which helps victims of scams and identity theft. If criminals are abusing legitimate systems, those system providers, as well as regulators, need to adapt, he says.

Lau's case shows how fraudsters are punching through tight controls with clever maneuvers and knowledge of banking defenses and regulations.

'Trade Like a Champ'

Lau's woes began in Australia, but the companies and banks involved stretch from the Marshall Islands to Cyprus to Estonia to Germany and Northern Ireland. The saga started on Oct. 11, 2017, when Lau received an unsolicited call from someone at Trade12, a financial trading service.

Trade12 is perhaps most famous for at one time having former boxer Mike Tyson in its advertisements. Tyson's pitch: "Trade like a champ."

Source: Trade12

The Australian Securities and Investments Commission, or ASIC, warned last September that Trade12 does not have a financial services license to operate in Australia. At least four other regulators in the U.K., Italy, Canada and New Zealand have issued similar warnings.

Lau says the Trade12 representative convinced her to make two debit card transactions from her Commonwealth Bank account for about $330. It's unclear why Lau's debit card transactions went through to Trade12. In theory, those transactions should have been blocked after ASIC flagged the company.

But there are some muddying details. While ASIC listed two bank accounts for Trade12, Lau's transactions were done with a debit card. That made it difficult for Commonwealth Bank to know where the money was actually going.

One of two debit card transactions Lau authorized last October to Trade12.

But Lau's Trade12 loss was pocket change compared to what was coming. Trade12 wasn't done with her yet.

Money Gone Overnight

On Nov. 12, she received a call from a Trade12 representative who called himself Ryan Miller. Lau says Miller, with whom she communicated over Skype and email, convinced her to open an account on another platform called Millennium-FX.

An email from Millennium-FX representative Ryan Miller to Jackie Lau on Nov. 20

Lau held the bulk of her savings in a National Australia Bank account, but Miller insisted without explanation that she move her funds to her Commonwealth Bank account.

It's possible that Millennium-FX wanted to use Commonwealth because it knew National Australia Bank would stymie the wire transfers. But a query from ISMG to NAB did not shed light on the reason.

Lau made an initial debit card transaction to Millennium-FX for about $1,325. Miller eventually convinced her to install TeamViewer, a legitimate remote access tool, on her personal computer.

Miller then pressured her into making four international wire transfers for $61,500, Lau says. Each time, after Lau logged into Commonwealth Bank, Miller used TeamViewer to fill out the destination account for the transfers, which was Online Currency Corp. Ltd.

For a few weeks, Lau says Miller called her every day, discussing stock trades. Around mid-December, a week after the fourth wire transfer, Lau logged into her Millennium-FX account and found three trades she did not authorize. She requested that her funds be withdrawn back into her account but says Miller rebuffed her requests, at times becoming threatening.

About a day later, Lau says Miller told her that all of her money was lost.

"I should have done my research [into Millennium-FX]," Lau admits.

Since the loss, Lau has contacted New South Wales police, the Australian Cybercrime Online Reporting Network, Australian Transaction Reports and Analysis Centre and IDCare. An IDCare analyst says the organization has received complaints about Millennium-FX as well as other trading platforms that may be associated with it.

Following The Money

Lau's bank statement provides the clearest path to where her money ended up.

Three of the international wire transfers went to the Bank of Cyprus in Nicosia, and the fourth went to Deutsche Kontor Privatbank in Germany. Lau's Commonwealth Bank statement shows the beneficiary of all four transfers is Online Currency Corp. Ltd., based in Belfast.

A wire transfer made to Online Currency Corp. Ltd.

The U.K. Companies House registry has details about Online Currency Corp. Ltd., which was established in 2013.

Online Currency Corp. Ltd. has three directors: Ildar Sharipov, 30, of Russia, and two Cypriots, Savvakis Patsalidis, 44, and Georgios Spanos, 36. Sharipov has a long background in online financial trading platforms.

Sharipov was president of the InstaForex Companies Group from at least 2009 until 2013. One of InstaForex's foreign exchange trading platforms, InstaForex, is still running. Since 2013, financial regulators in France, Brazil, Bulgaria and Canada have warned consumers that InstaForex is not licensed to offer services in their countries.

Sharipov's profile as it appeared on InstaForex's website around August 2013. (Source: The Wayback Machine)

As of last year, Sharipov was president of another trading platform, ForexMart.

Efforts to reach Sharipov through ForexMart and InstaForex were unsuccessful. Two U.K. phone numbers found for Online Currency Corp. Ltd. went unanswered during business hours.

But on March 6, a company affiliated with Online Currency Corp. Ltd. suddenly responded to an ISMG query. Online Currency Corp. Ltd. is the registered entity behind MegaTransfer, a U.K.-based money-transfer service.

Several days after ISMG emailed MegaTransfer asking only for Sharipov's contact details, a MegaTransfer representative began offering specific details about Lau's case unprompted. It then became clear that MegaTransfer is Millennium-FX's payments processor.

Andreas Tikas, of MegaTransfer's media team, contends that Lau contacted MegaTransfer and made a claim for the return of her funds. The claim was rejected as fraudulent because Lau admitted she made the trades and was unhappy with the result, Tikas tells ISMG.

Lau said on March 7 that she's never contacted MegaTransfer or Online Currency Corp. Ltd.

It appears ISMG's inquiries may have soured the relationship between Millennium-FX and MegaTransfer. Tikas contends that Millennium-FX is no longer allowed to use MegaTransfer due to "compliance" questions that Lau's case raises.

Banking Due Diligence?

Lau's wire transfers were handled by three institutions: Commonwealth Bank, Bank of Cyprus and Deutsche Kontor Privatbank.

The three banks facilitated the eventual transfer of Lau's money to Millennium-FX. But none appear to have done anything technically wrong.

Online Currency Corp. Ltd. hasn't been flagged by any country's financial regulator. Further, the company is licensed as an authorized payments provider by the U.K.'s Financial Conduct Authority (FCA). At least on paper, Online Currency Corp. Ltd. is legitimate.

(Source: U.K. Financial Conduct Authority)

After being notified of Lau's losses and the link to Online Currency Corp. Ltd., a Bank of Cyprus representative says it is investigating.

Deutsche Kontor Privatbank says that it doesn't have any direct relationship with Millennium-FX. The bank says it holds the account for Online Currency Corp. Ltd., which it noted is authorized by the FCA.

As far as the banks were concerned, Online Currency Corp. Ltd. raised no obvious red flags.

A flow chart of Lau's card and wire transactions

Lau's situation occurred just after the end of a program that may have helped her avoid losses. Until last year, Australia ran an aggressive program involving banks to try to stop people from losing money to scammers.

The Scam Disruption Project, which was run by the Australian Competition and Consumer Commission, drew on financial intelligence in order to send letters to people who had sent money to suspected scammers.

In 2016, the Scam Disruption Project sent out more than 2,834 letters. More than 74 percent of the recipients stopped sending money within six weeks.

But the program ended last August due to a lack of resources, says Delia Rickard, deputy chair of the ACCC. The agency has continued its public awareness campaigns as well as work with banks, but fraudsters catch on quickly to new defenses and adapt.

"There's no one simple solution to this," Rickard says. "We have to be looking at it through the intermediaries that help the scammers connect with you in the first place, through those that send the money."

International Webs

So how do two unlicensed trading platforms set up shop in Australia? It's easy. The internet has erased borders, and no physical presence is needed.

The similar set-ups of Trade12 and Millennium-FX show the international nature of the companies. For example, both have listed offices at Tornimae 5, a building in Tallinn, Estonia.

Kristjan-Erik Suurväli, head of market supervision and the enforcement division with the Estonian Financial Supervision Authority, says the office at the address helps companies establish a legal presence in Estonia. He says trading platforms register in Estonia to piggyback on the country's reputation as a successful IT and innovation center.

"Therefore, we of course are interested to close down those companies and inform the public as widely as possible," Suurväli says.

Typically, fraudsters market to victims over the internet using websites based outside of the European Union, or they use cold calls, Suurväli says. To increase interest, potential clients are offered some sort of incentive, and once the money is sent, their accounts show successful trading in order to attract more money, he says.

After it was contacted by ISMG, the Estonian Financial Supervision Authority issued an advisory saying Millennium-FX "is not authorized to provide payment services" in the country.

Estonia's advisory about Millennium-FX. (Source: Estonian Financial Supervision Authority)

Trade12 and Millennium-FX also list offices in the Trust Company Complex in Ajeltake, a tiny town on the island of Majuro within the Marshall Islands. There, Trade12 is registered under the name Exo Capital Markets.

ISMG reached Trade12 by phone and email. Over email, the company didn't respond to a request for an interview regarding Lau's losses. In a phone call to one of its call centers, a Trade12 representative said the company had since ceased its operations in Australia.

"We're not calling any Australian clients anymore," she said, declining to answer when asked why.

In a separate email correspondence, Trade12 denied it had any connection to Millennium-FX. That's despite the fact that Lau says the same person she dealt with at Trade12 also handled her account with Millennium-FX.

It was difficult to get information from Millennium-FX about Lau's losses. A call center employee, who said she was based in Canada, declined to discuss Lau's case. Efforts to reach other company officials by email and phone were unsuccessful.

Refund Rejection

Since the loss of her money, Lau has been distressed. She blames herself, but feels the banking system bears some responsibility.

Lau filed a dispute with Commonwealth Bank, contending the bank should have blocked her card transactions and wire transfers. The bank has rejected her claims.

She also has a pending complaint with the Financial Ombudsman Service Australia, which is still under consideration. Lau shared a copy of the FOS's summary of her dispute.

Commonwealth Bank contends that her card transactions went to accounts that had not been flagged by ASIC, and that it was not evident from the processing statements that Trade12 was the vendor, according to the document. As for the wire transfers, Commonwealth contends customers are liable for transactions they authorize, which Lau did.

It doesn't look likely that Lau will be refunded her money. Lau left Sydney earlier this month for Hong Kong to take up a research position. When she returned, her parents greeted her at the airport. She had hoped to eventually give them some of the money that she lost.

"I really don't care about money myself," she says. "I just care about taking care of my parents."


About the Author

Jeremy Kirk


Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.



