Authorities in the Netherlands have arrested a 24-year-old believed to be a developer of phishing frameworks for a cybercrime ring named “Fraud Family.”
According to the Dutch National Police, the man worked together with a 15-year-old accomplice to develop and sell phishing panels that allowed cybercriminals to steal banking credentials from unsuspecting users.
According to threat intelligence company Group-IB, which helped the investigation, Fraud Family is a Dutch-speaking crime syndicate that builds, sells, and rents sophisticated phishing frameworks.
Impersonating legitimate financial organizations, the attackers typically approach victims via email, SMS, or WhatsApp messages, and trick them into clicking on malicious links that take them to phishing websites where they are prompted to share their login credentials.
The cybercriminals behind this Fraud-as-a-Service operation would provide other threat actors with phishing kits and web panels targeting bank users, mainly in the Netherlands and Belgium. The frameworks allow adversaries to interact with the phishing site in real time and also include data collection and management capabilities.
Fraud Family members used Telegram channels to advertise their services, including phishing tools and ready-to-use infrastructure. Prices ranged from €200 to €250 (approximately $235 to $295) per month, per panel.
According to Group-IB, the gang operated at least eight Telegram channels that had a total of roughly 2,000 subscribers. Half of these users could be actual buyers, the security firm says.
Dutch authorities announced that, while the 24-year-old remains in custody, the 15-year-old was released, pending further investigation. A third individual, 18 years of age, had their residence searched this week in relation to the investigation.
Related: Nigerian Arrested in US for Hacking Payroll Services Company
Related: Kenyan Arrested in Qatar First Targeted by Phishing Attack
Related: Police in Europe Bust Gang Hijacking Celeb Phones, Arrest 10

More from Ionut Arghire
- Google Leads $16 Million Investment in Dope.security
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
