Police have cracked open an alleged identity theft, romance and business scam enterprise that was being run out of the Villawood Detention Centre.

Four people have been charged and Australian businesses have been urged to review their account payment practices, with police saying the alleged email scam generated over $3 million.

The money was traced to Nigeria but police are yet to determine whose hands it has ended up in.

They say it is highly unlikely that money will ever be recovered.

Investigators said the alleged syndicate was involved in activities including sophisticated business email compromises, identity theft, romance scams and the fraudulent sale of goods.

A 43-year-old man who police said led the operation was arrested at the detention centre yesterday and charged with knowingly directing activities of a criminal group and knowingly dealing with proceeds of crime.

Police seized 16 phones and 17 sim cards from three individuals in the detention centre which they said was of particular concern.

The alleged ringleader was refused bail to appear in court later today.

Australian Border Force Detention Operations Commander Bill Ries said they have long been campaigning for powers to remove phones from detainees within immigration detention centres.

A woman was arrested at a Granville property during a raid on Wednesday. ( Supplied: NSW Police )

"Many … have had their visas cancelled for serious criminal charges," he said.

"We know phones can be used to coordinate escape efforts, as a commodity of exchange, to facilitate the movement of contraband, to convey threats and, in this case, to organise significant criminal activity outside our centres.

"The continued use of phones in detention poses a significant threat to our staff, to detainees and the broader community."

Staff can't afford to be complacent

Small and large businesses alike must review their electronic account payment practices to better protect themselves against scams, Cybercrime Squad Commander Detective Superintendent Arthur Katsogiannis said.

Business email compromise, in which scammers purport to be from an organisation and request a transfer of funds, is one of the fastest growing crime trends worldwide, he said.

Last year in Australia alone, $22.1 million was lost to business scammers.

"We would encourage all businesses to develop systems to combat against scams, including scrutiny of email requests to transfer funds or change account details, and standard procedures to follow to protect against business email compromises," he said.

"While there are many variables, generally, the perpetrators will 'spoof' or compromise corporate executive or employee email accounts and send email requests to an accounts payable employee for an electronic funds transfer.

"Staff should be suspicious about these types of requests, and if they take the time to verify the authenticity of the email, whether it be via phone or a fresh email, they can potentially prevent the compromise."

Three other people who were not in the detention centre were also charged.

A 20-year-old man, was charged with seven counts of recklessly dealing with the proceeds of crime and possessing identity information with intent to commit an indictable offence.

Two women, aged 20 and 36, were also charged over their alleged involvement.