AI scam defrauds Noosa Council of $1.9mInternational scammers stole ratepayer funds.By Leonard Bernardone on Oct 14 2025 12:02 PMPrint articleA sophisticated AI social engineering scam at the local council of tourist hotspot Noosa has seen $1.9m disappear. Photo: ShutterstockQueensland’s Noosa Council has lost $1.9 million to international scammers who used artificial intelligence and social engineering to defraud the council of ratepayer funds.In what Noosa Council chief executive Larry Sengstock described as a “major fraud incident” the scammers used “sophisticated social engineering AI techniques” to defraud the council of $2.3 million in ratepayer funds.The council has been able to recoup approximately $400,000 of that by working with banks and authorities, according to theABC, though Sengstock confirmed Monday the council was left with $1.9 million in losses.“We won’t disclose specific details of how the fraud occurred to protect staff and from highlighting the criminals’ actions," said Sengstock.“However, we can reveal that the fraudulent activity was sophisticated, strategic, and targeted.”Scammers targeted the south-east Queensland council sometime during the 2024 Christmas period, while Sengstock said the council was first made aware of its losses after being contacted by authorities.The scam was perpetrated by “international criminal gangs” which were already being tracked by the Australian Federal Police (AFP) and Interpol.Sengstock said the council was initially directed not to make the matter public so as to not compromise the AFP, Interpol and Queensland Police’s ongoing investigation.At the time of writing, the incident remained under investigation with the AFP Joint Policing Cybercrime Coordination Centre.‘Not related to cybersecurity’Despite the incident involving social engineering – a highly popular cybercriminal method – Sengstock emphasised the fraud was “not related to cybersecurity”.“Council systems were not breached or affected, no data was stolen and there was no impact to the public or our services,” he said.“This has been confirmed by external forensic IT experts engaged by council to ensure ratepayers were protected.”Noosa Council was defrauded by international criminal gangs. Photo: Noosa CouncilSengstock explained the fraudsters were successful in spite of Noosa Council having dedicated “processes and procedures to mitigate this type of event”.“Unfortunately, in this instance they were not effective enough, as this crime was committed by highly organised, professional criminals who found a way through our processes,” he said.Sengstock maintained no council staff were at fault or involved in the criminal activities and that the council has since implemented a range of recommendations from the Queensland Audit Office to improve its processes.AI social engineering on the riseSocial engineering is a prominent cybercriminal attack method where victims utilise social and technological techniques to manipulate a victim into taking action under false pretences.For example, a scammer could pretend to be an executive staff member and ask an employee to authorise a large transaction – something made all-the-more achievable thanks to AI voice replication technology.Social engineering scammers may also use email, SMS, phone calls or social media messages to trick people into handing over personal data or system access credentials.Such was the case for Qantas, which suffered a data breach in June after a staff-member in a third-party call centre wastricked into handing over access detailsto another, third-party platform.This particular attack resulted in some 5 million Qantas customer records beingpublished to the clear and dark webearlier this week.Nalin Arachchilage, associate professor in cybersecurity at RMIT University, toldInformation Agethe incident was a “timely reminder that cybersecurity isn’t confined to the IT department”.“AI has supercharged the art of deception,” said Arachchilage.“[It] can imitate writing styles, voices, and even identities with alarming accuracy.“Cybersecurity defences must now include our systems – and our psychology.”Indeed, Sengstock was told by police that “these types of incidents are on the rise and should act as a warning for organisations to continually review their procedures”.“Police tell us to ensure you are continually reviewing processes and verify the legitimacy of any contact before making any sensitive changes,” he said.“Council takes its financial responsibility very seriously and on behalf of management I am sorry that this has happened.”Leonard BernardoneLeonard Bernardone is an award-winning techie and writer based in Melbourne. After six years working across multiple startup businesses, Leonard now works as a freelance journalist. His work strives to spread awareness, cyber safety, and technical innovation.Tags:aiscamfraudsocial engineeringnoosa council