Noosa Council in South East Queensland has revealed it lost nearly $2 million in a “major fraud incident” allegedly carried out by international criminal gangs using advanced social engineering AI techniques. The case is now under investigation by Queensland Police and the AFP-led Joint Policing Cybercrime Coordination Centre.
The fraud occurred in December last year, with criminals initially siphoning off $2.3 million. Of that, about $440,000 was recovered, leaving the council with a net loss of $1.9 million.
In a statement released on Monday evening, Noosa Council CEO Larry Sengstock stressed that the incident was not the result of a cyber breach. “Council systems were not breached or affected, no data was stolen and there was no impact to the public or our services,” he said. Independent forensic IT experts confirmed that council systems remained secure.
Sengstock described the attack as “sophisticated, strategic and targeted”, adding that no council members were involved. He defended the delay in making the incident public, explaining that disclosure earlier could have compromised the ongoing investigation. The council had, however, reported the matter to the Queensland Audit Office and relevant ministers in line with statutory obligations.
The perpetrators are believed to have used social engineering AI techniques, which can include deepfake video and audio manipulation to deceive victims into authorizing fraudulent transactions. While the council did not provide details of how these tools were deployed, experts warn that AI-driven fraud is becoming one of the fastest-growing threats to governments and organizations worldwide.
The Australian Federal Police and Interpol are reportedly involved in the broader investigation, which is targeting international syndicates suspected of orchestrating similar scams. According to cybersecurity specialists, such attacks exploit human trust rather than technical vulnerabilities, making them harder to detect and prevent.
In response, Noosa Council has implemented stricter financial controls and strengthened its internal processes to safeguard against future fraud attempts. Sengstock reassured residents that ratepayer funds and services remain protected and emphasized that lessons learned from the incident are already being applied.
The case highlights the growing risks posed by AI-powered social engineering, which can convincingly mimic voices, emails, or even live video to trick employees into transferring funds or disclosing sensitive information. Experts say awareness training, multi-layered verification processes, and rapid reporting are critical defenses against such schemes.
For Noosa, the financial loss is significant, but the reputational impact and the warning it sends to other councils and organizations may prove even more far-reaching.
+ There are no comments
Add yours