Spanish police have arrested dozens of individuals on suspicion of their involvement in a serious organized crime gang said to have made over €700,000 ($767,000) from phishing victims.
Among the 40 apprehended by law enforcers were two hackers and 15 suspected members of the “Trinitarios” group, who were charged with belonging to a criminal organization, bank fraud, document forgery, identity theft and money laundering.
The group was allegedly funded mainly through phishing and bank fraud – which was used to buy drugs and weapons, pay lawyers’ fees for members in prison, and was sent direct to members behind bars, the police claimed.
Read more on Spanish police operations: Spanish Police Bust €5m Phishing Gang.
The alleged hackers would send SMS phishing messages to victims purporting to come from their bank, alleging a security issue that required them to click on a malicious link.
Following the link took the victim to a spoofed banking log-in page where they entered their logins. The hackers monitored these actions in real-time via phishing panels and immediately used the logins to access the real accounts, requesting loans and linking the cards to virtual wallets on their phones.
The cyber-criminals would then purchase cryptocurrency with these card details, which was apparently exchanged with fiat currency and put into a “common box” for later use.
The group also monetized the hijacked bank details by directing an extensive money mule network to “cash out” at ATMs or receive funds via bank transfer, and additionally made false purchases through fictitious online cosmetics companies via point-of-sale (POS) terminals.
Some of the funds were sent abroad, and were even used to purchase real estate in the Dominican Republic, the police said.
During the operation, 13 house searches were conducted in Madrid, Seville and Guadalajara, where a list of 300,000 phishing victims was discovered, along with €5000 in cash, computer equipment and devices for picking locks.