Council loses millions in scam using ‘AI techniques’

Andrew Stafford |

Noosa Council revealed it’s been the victim of a major fraud, losing $2.3m to a crime syndicate.
Noosa Council revealed it’s been the victim of a major fraud, losing $2.3m to a crime syndicate.

A beachside council has kept ratepayers in the dark for months after losing millions to an international crime gang using “social engineering AI techniques”.

Noosa Council north of Brisbane has revealed it was defrauded $2.3 million back in December 2024, sparking a major police investigation.

However the council did not tell rate payers for more than 10 months and have been tight-lipped about the nature of the “well organised cyber fraud”.

Noosa Council CEO Larry Sengstock
Noosa Council CEO Larry Sengstock said it was not a cyber security attack. (Julian Smith/AAP PHOTOS)

“The criminals used sophisticated social engineering AI techniques but we won’t disclose specific details of how the fraud occurred to protect staff and from also highlighting the criminals’ actions,” council CEO and basketball great Larry Sengstock said.

The four-time Olympian and former Basketball Australia boss said about $400,000 had been recovered, bringing the total loss to $1.9 million.

“Police say that these types of incidents are on the rise and should act as a warning for organisations to continually review their procedures.”

Cr Sengstock emphasised that it was not a cyber security attack and no council staff were at fault or involved in the “sophisticated, strategic, and targeted” fraud.

“Council systems were not breached or affected, no data was stolen and there was no impact to the public or our services,” he said in a statement.

The Australian Federal Police had instructed the council not to disclose the scam due to the risk of compromising an investigation, he said.

The council had reported the incident to the Queensland Audit Office and relevant ministers, with the fraud being investigated by the federal police and Interpol.

The AFP has been contacted for comment.

“Council takes its financial responsibility very seriously and on behalf of management I am sorry that this has happened,” Cr Sengstock said.

“Unfortunately, as we are seeing every day in the media, scams and frauds are on the rise, and many companies and organisations are being targeted.”

The Noosa Council fraud coincides with the release of the Australian Signals Directorate’s annual cyber threat report.

It reveals that while reports of cybercrime are down overall, businesses were exposed to heavier financial impacts.

The average cost of cybercrime to large businesses was $202,700 in the past financial year – up 219 per cent on the previous year.

AAP