Serial fraudster fails to overturn sentence after stealing over $6m from businesses

In 2024, Maxwell Ikebudu was found guilty of nine charges related to conspiracy to defraud, dealing with the proceeds of crime and aiding, abetting, counselling or procuring the international dealing with proceeds of crime. Last Friday (5 December), the Supreme Court of Victoria refused his appeal.

“The criminal activity involved unknown overseas persons, all of whom were engaged in the relevant criminal conduct by way of computer hacking – specifically, the hacking of email accounts to send scam emails to debtors to trick them into paying money owed into bank accounts controlled by the co‑conspirators,” court documents read.

Ikebudu was found guilty of being involved in eight separate frauds.

One count related to a March 2021 incident where Ikebudu’s fraud syndicate accessed the emails of a business, Design Group. The syndicate sent an email to the company’s accountant, pretending to be a creditor seeking to update its account details.

Following this, $80,960 was paid to the account between 11 and 12 March 2021 via three invoices. It was alleged that Ikebudu had created and was in charge of the account, and he was charged with intentionally dealing with proceeds of crime of $50,000 or more.

The largest theft was from Osborn Law. In November 2020, the syndicate accessed the email of a solicitor at the firm and sent an email to the firm purporting to be a client who was receiving property and expected to receive settlement funds.

A total of $3,909,733 was directed to bank account details included in the email, which was then transferred to another account. It was alleged that Ikebudu had created and controlled both bank accounts, and he was charged with intentionally dealing with proceeds of crime of $1 million or more.

Jon Soldan, chief executive of payment fraud prevention firm Eftsure, previously told Accounting Times that impersonation tactics were often used by cyber criminals to extract funds from accounts payable teams.

“What we see the most of is vendor impersonation, executive impersonation, where fraudsters are impersonating their suppliers or executives to get accounts payable teams in particular to make fraudulent payments,” Soldan said.

He added that business email compromise, where scammers would impersonate trusted individuals over email, was a common threat. In some cases, criminals used compromised employee email accounts to trick team members.

“A lot of supplier communication happens over email, which isn't a particularly secure channel,” Soldan noted.

The Australian Signals Directorate found that phishing – a type of email and text-based social engineering – was recorded in 60 per cent of cyber incidents reported in the 2024–25 financial year.

To mitigate the risk of fraud through social engineering, Soldan recommended that firms set up formalised systems to ensure cyber criminals could not take advantage of trusted relationships and informal arrangements.