Spanish authorities this week announced the arrest of 40 individuals for their roles in a criminal organization that performed bank fraud, document forgery, identity theft, and money laundering.
Two of the individuals, the authorities say, were in charge of carrying out online bank fraud, while 15 others were involved in other illegal activities.
Called ‘Trinitarians’, the criminal organization employed phishing and smishing (SMS phishing) to distribute malicious links that took unsuspecting victims to fake bank login pages where they were prompted to enter their credentials.
Using hacking tools purchased from cybercriminals, the gang monitored in real time the credentials their victims entered on the fake pages. They used the obtained login information to access the victims’ real accounts and request loans or link the victim’s cards to virtual wallets on attacker-controlled phones.
The gang also bought cryptocurrency coupons that were then exchanged in a wallet functioning as a ‘common box’ for the organization, and contracted point-of-sale (PoS) devices in the name of fake companies to make false purchases.
According to the authorities, the group also relied on an extensive network of money mules that received money transfers to their accounts and withdrew cash at ATMs.
Some of the proceeds were sent to bank accounts abroad and used to purchase real estate in the Dominican Republic, the Spanish authorities say.
The gang raked in more than €700,000 (~$760,000) from the schemes and used proceeds to pay for lawyer fees for gang members in prison, buy drugs to resell, and acquire weapons.
During the takedown operation, the Spanish police made 13 house searches in Madrid, Guadalajara, and Seville, and seized computer equipment, lock picks and other instruments for opening doors, padlocks, cash, and documents describing the group’s structure.
Related: Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million
Related: US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware
Related: Australia Dismantles BEC Group That Laundered $1.7 Million
More from Ionut Arghire
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
