Criminals are exploiting gaps in Australia’s digital banking systems by opening bank accounts without providing physical identification, enabling large-scale money laundering through so-called mule accounts. According to reporting by The Sydney Morning Herald, scammers have used stolen data such as Medicare card numbers to open accounts in the names of victims—without ever presenting the documents themselves.
In one instance, two bank accounts were opened using only the Medicare number of a Sydney woman, bypassing traditional ID checks. The accounts were then used to funnel scam proceeds. Investigators say this method, while not involving full identity theft, reflects growing sophistication in how fraud networks bypass institutional controls.
Thousands of Accounts Shut Down by Banks
In the past financial year, Australia’s major banks closed over 10,000 mule accounts, which had been linked to fraudulent activity. These accounts are often operated by individuals knowingly or unknowingly transferring money on behalf of scam operators. Some are created with fake identities, but many are either hijacked from existing customers or purchased outright through criminal marketplaces.
According to Stephanie Tonkin, chief executive of the Consumer Action Law Centre, “We hear of cases where, for a single scam, there are multiple—up to eight or ten—mule accounts being used.” Tonkin emphasized the need for banks to implement tighter controls during account creation and to more aggressively monitor for fraud indicators once accounts are active.
Digital Payments Drive Scam Losses
Despite improvements in fraud detection, bank transfers remain the leading method used by scammers in Australia. In 2024 alone, these transfers accounted for 44.5% of scam-related losses, totaling $141.7 million, according to data reported to Scamwatch. While credit card and cryptocurrency scams receive widespread attention, traditional bank transfers continue to dominate in terms of financial impact.
The scale and speed of mule account activity make it difficult to contain. Accounts can be used and abandoned quickly, and some may appear legitimate for extended periods before being flagged. As scammers rotate through account holders, tracking illicit funds becomes more challenging for both banks and law enforcement agencies.
Cybercrime Expert Urge Structural Reforms
Mule accounts are particularly difficult to detect because many begin as genuine bank accounts, according to Jon Brewer of AUSTRAC, the Australian government’s financial crime intelligence unit. Brewer said that account takeovers and criminal resale of legitimate accounts are more prevalent than outright fake identity registrations, which are often easier to flag.
Brewer’s remarks suggest that greater emphasis needs to be placed not only on how accounts are opened, but on how they are managed throughout their lifecycle. This includes monitoring for behavioral changes, unusual transfer patterns, and links to known fraud networks. While several banks have taken steps to strengthen internal systems, experts maintain that broader, systemic changes are necessary to reduce Australia’s exposure to financial crime networks.