Law enforcement in Spain and the US this week announced dismantling a cybercrime gang that defrauded victims of more than $5.3 million.
Based in Madrid, the international criminal organization employed a sophisticated scam that involved phishing, social engineering, smishing, and vishing to trick victims into sharing details about their bank accounts to steal money from them.
Authorities arrested eight individuals in Madrid and one in Miami, seized high-value objects – including watches valued at more than $200,000, jewelry, dozens of mobile phones, laptops, desktop computers, and tablets – and blocked 74 bank accounts, freezing over $500,000 in assets.
The investigators also discovered bags of clothing and shoes from luxury brands, bank cards, documentation, false passports and identity documents, and a compressed air gun.
Focused on defrauding American firms and individuals, the scheme involved the use of social engineering, phishing, and smishing to gather sensitive information about the potential victims, mainly regarding their financial assets.
At the second phase of the scheme, the attackers contacted the intended victims via phone (vishing), spoofing the calls to hide their identity, to obtain additional information required to complete the scam, either through online purchases or transfers to bank accounts controlled by the attackers.
In some instances, the attackers engaged in three-way calls, interacting with both the victim and their North American financial institution, to obtain verification and authorization codes to complete the fraudulent transactions.
According to the investigators, the cybercriminals registered over 100 bank accounts they used as part of the operation. In less than a year, roughly $5.3 million was transferred to the fraudsters’ bank accounts.
Overall, the cybergang is believed to have made more than 200 victims (both individuals and organizations), with the total losses potentially exceeding $7.5 million.
Once the money was transferred to their bank accounts, the cybercriminals transferred it abroad, converted it to cryptocurrency, or withdrew it at ATMs using money mules.
The bank accounts opened in Spain were directly controlled by a single individual, who used numerous false documents as part of the illicit activities. The accounts, the investigators say, were opened in the name of third-parties, either working directly with him or recruited by him.
Law enforcement agencies in Spain, Panama, and the US, along with Europol, participated in the investigation.
Related: Sophisticated ‘VastFlux’ Ad Fraud Scheme That Spoofed 1,700 Apps Disrupted
Related: 4 Nigerians Arrested in Europe Over US Charges Involving Hacking, Fraud
Related: AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group
More from Ionut Arghire
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
Latest News
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
