Australian authorities have issued a public warning after uncovering a sophisticated fraud scheme in which criminals submitted fake reports via the ReportCyber portal, then used the generated reference numbers to call victims and pose as law-enforcement.

In one documented case the scammer claimed the victim’s details appeared in a cryptocurrency-related data breach, provided an official-looking reference number, and then directed the target to a second caller pretending to work for a crypto-platform.

That caller urged the victim to move funds into what was described as a “cold-storage” account, controlled by the fraudsters.

The scam’s credibility came from its use of genuine victim information – phone numbers and email addresses, and the very official reference number drawn from the public portal.

The reference number was visible to the victim when checking the ReportCyber site, lending the call a veneer of legitimacy.

Why This Scam Is Particularly Dangerous

This scheme shows a shift in crypto-fraud methods. Rather than relying only on fake messages or phishing links, criminals are now leveraging real government infrastructure and personalised data to build trust and urgency.

According to officials at the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3), what makes the scam effective is how it mirrors official procedures and imposes a fast timeline, preventing victims from pausing and verifying.

For individuals holding cryptocurrencies or exploring the market, the risk is two-fold: impersonation of police and manipulation of trusted reporting systems.

The Australian Cyber Security Centre (ACSC) advises that legitimate law-enforcement officers will never ask for wallet-access credentials, seed phrases or transfers to unauthorised accounts.

What To Look Out For And How To Act

Australian authorities recommend the following steps to protect yourself:

  • If you receive a call about a ReportCyber report you did not file, hang up and independently verify the call by dialing 1300 CYBER1.
    Cyber Security Australia
  • Never grant remote access to your crypto-wallet or transfer funds based on pressure from someone claiming to be law-enforcement.
  • Use official channels only: check ReportCyber site directly, ignore caller reference numbers unless verifiable, and use known contact numbers for crypto platforms.

The long-term concern for regulators and crypto platforms is how fraudsters are evolving their tactics. As legitimate platforms and portals remain trusted, criminals are embedding themselves in those systems to accelerate deception.

The Australian case could foreshadow similarly styled scams in other jurisdictions where crypto and government services overlap.