ARTICLE
20 September 2025

The Law, Charges and Defences for Business Email Compromise (BEC) Fraud in NSW: When Cybercriminals Exploit Government Procurement Systems

L
Lamont Law

Contributor

Lamont Law logo
Lamont Law specialise in criminal law. Our experienced team of criminal lawyers regularly appear in Local and District Courts across Sydney, the Hunter Region, the North Coast and the Central Coast. We have office locations in Sydney, Liverpool, Campbelltown, Penrith, Newcastle, Maitland, Central Coast, Byron Bay and Tweed Heads. We represent clients in all types of criminal and traffic matters. Lamont Law will ensure that you receive the strongest representation and we are determined to protect your rights. Our lawyers have a proven track record of excellence. We consistently achieve the best possible outcomes, and regularly receive public and private testimonials from happy clients. We provide flexible conference options in person at our office locations.
Explore Firm Details
In a digital era where multi-million-dollar payments can be initiated with the click of a button.
Australia Criminal Law

A Sydney man has recently been charged in relation to an alleged business email compromise (BEC) scam that saw $3.5 million siphoned from a Northern Territory Government agency.

In a digital era where multi-million-dollar payments can be initiated with the click of a button, BEC fraud represents a dangerous blend of low-tech social engineering and high-impact financial theft. The legal consequences are severe, but perhaps not as severe as the institutional blind spots they reveal.

What Is Business Email Compromise (BEC)?

BEC fraud involves manipulating legitimate email communications to deceive an organisation into transferring money to a fraudulent account. It often requires:

  • Impersonating a known vendor or senior employee,
  • Spoofing email addresses, and
  • Redirecting legitimate funds to a criminal-controlled account.

These scams are increasingly targeting public sector agencies, which routinely deal with high-value transactions, bureaucratic workflow delays, and dispersed approval chains—factors that make them ideal marks for sophisticated fraud.

The Allegations in the Case

According to the Australian Federal Police (AFP), a 38-year-old man from Lurnea, NSW, allegedly impersonated a legitimate construction contractor doing business with a Northern Territory government agency. On 7 November 2024, the agency received an email containing updated vendor banking details, allegedly sent by the man and copied to other fake addresses impersonating staff from the construction company.

Police allege that:

  • The man registered a business name similar to the real contractor,
  • Opened a bank account under the fake business name,
  • Submitted a vendor form with doctored information,
  • And ultimately received a payment of $3,583,363, which the government agency believed was being sent to the genuine vendor.

Further investigations linked a phone number in the vendor form to the accused. A search warrant executed at his home on 23 July 2025 led to the seizure of electronic devices and documentation tied to the registered company.

He was arrested and charged with one count of dealing with the proceeds of crime (money or property worth $1,000,000 or more) under section 400.3(2) of the Criminal Code Act 1995 (Cth).

The Law: Section 400.3(2) Criminal Code (Cth)

Under section 400.3(2), it is an offence to deal with money or property worth $1 million or more if there is reasonable suspicion that it is the proceeds of crime.

To secure a conviction, the prosecution must prove beyond reasonable doubt that the accused:

  1. Dealt with money or property (e.g. withdrew, transferred, or held it),
  2. The money was proceeds of crime, and
  3. The accused knew or was reckless as to whether the money was tainted.

Maximum penalty: 12 years imprisonment.

What the Prosecution Will Argue

In this case, the AFP is likely to rely on:

  • Email metadata linking the communication to the accused,
  • Digital trails from the fake bank account and withdrawals,
  • Phone records associated with the vendor form,
  • And the timing and pattern of transactions following the fraud.

These details may establish a deliberate and orchestrated plan to deceive and defraud.

Possible Legal Defences

While the allegations are serious, the accused is entitled to the presumption of innocence and may raise several defences, including:

  • Lack of intent: Arguing that the actions were not knowingly criminal,
  • Mistaken identity: Suggesting someone else used his identity or systems,
  • No proceeds of crime: Disputing whether the funds were, in fact, proceeds of crime, or if the accused reasonably believed the funds were lawful.

Evidence such as unauthorised access to his accounts, lack of exclusive control, or coercion may be presented.

The Emerging Legal Issue: Procurement Protocols as Cyber Weak Points

While the case rightly focuses on the alleged criminal, a deeper legal issue simmers beneath: Are government procurement systems legally and procedurally equipped to withstand cyber deception?

Public agencies often process vendor payments through layers of trust-based systems, forms submitted by email, unverified banking updates, and assumptions of legitimacy based on domain names or copied addresses. This creates a low-friction environment for fraud.

In legal terms, it opens the door for:

  • Negligence suits (by third parties) for inadequate fraud prevention,
  • Internal reviews into procurement compliance failures,
  • Potential policy and legislative reform requiring additional verification protocols (such as biometric verification or secure vendor portals).

The Impact and Recovery

Thanks to rapid response from the bank involved, $3,571,760 of the stolen funds were recovered before further distribution. This underlines the critical importance of swift reporting and inter-agency cooperation. The accused was granted conditional bail and is due to appear in Campbelltown Local Court on 17 September 2025.

Need Legal Advice?

If you or someone you know is facing a sexual assault offence, speak with a Sydney Criminal lawyer

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More