Security Experts:

Connect with us

Hi, what are you looking for?



Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million

Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million.

Law enforcement in Spain and the US this week announced dismantling a cybercrime gang that defrauded victims of more than $5.3 million.

Based in Madrid, the international criminal organization employed a sophisticated scam that involved phishing, social engineering, smishing, and vishing to trick victims into sharing details about their bank accounts to steal money from them.

Authorities arrested eight individuals in Madrid and one in Miami, seized high-value objects – including watches valued at more than $200,000, jewelry, dozens of mobile phones, laptops, desktop computers, and tablets – and blocked 74 bank accounts, freezing over $500,000 in assets.

The investigators also discovered bags of clothing and shoes from luxury brands, bank cards, documentation, false passports and identity documents, and a compressed air gun.

Focused on defrauding American firms and individuals, the scheme involved the use of social engineering, phishing, and smishing to gather sensitive information about the potential victims, mainly regarding their financial assets.

At the second phase of the scheme, the attackers contacted the intended victims via phone (vishing), spoofing the calls to hide their identity, to obtain additional information required to complete the scam, either through online purchases or transfers to bank accounts controlled by the attackers.

In some instances, the attackers engaged in three-way calls, interacting with both the victim and their North American financial institution, to obtain verification and authorization codes to complete the fraudulent transactions.

According to the investigators, the cybercriminals registered over 100 bank accounts they used as part of the operation. In less than a year, roughly $5.3 million was transferred to the fraudsters’ bank accounts.

Overall, the cybergang is believed to have made more than 200 victims (both individuals and organizations), with the total losses potentially exceeding $7.5 million.

Once the money was transferred to their bank accounts, the cybercriminals transferred it abroad, converted it to cryptocurrency, or withdrew it at ATMs using money mules.

The bank accounts opened in Spain were directly controlled by a single individual, who used numerous false documents as part of the illicit activities. The accounts, the investigators say, were opened in the name of third-parties, either working directly with him or recruited by him.

Law enforcement agencies in Spain, Panama, and the US, along with Europol, participated in the investigation.

Related: Sophisticated ‘VastFlux’ Ad Fraud Scheme That Spoofed 1,700 Apps Disrupted

Related: 4 Nigerians Arrested in Europe Over US Charges Involving Hacking, Fraud

Related: AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.