At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Spanish police dismantle phishing gang that emptied bank accounts

    The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials.

    The threat actors used phishing lures to trick their victims into believing they received an alert from their bank and proceeded to steal their account credentials.

    Having access to banking accounts, the adversaries used their victims’ money to make online purchases, direct transfers to “money mule” accounts, or request personal loans.

    The police say the threat actors stole at least 443,600 Euros ($466,000). from approximately 146 victims as part of these phishing attacks.

    “The operation, carried out in several phases between January 2019 and April of this year, has ended with the arrest of 13 people -and another 7 investigated but not detained.

    The police opened the investigation in 2018 when the first complaints were submitted both by victims and by the impersonated bank, who noticed unauthorized purchases in electronic stores in foreign countries.

    The subsquent investigation uncovered the use of VPNs (virtual private networks) to make it appear as if the threat actors were based in Morocco, France, Germany, or the USA.

    As part of the phishing attack, the threat actors sent out fake “security alerts” via email, claiming there were problems with bank cards and accounts.

    The links provided for supposedly resolving the issue took the victims to a phishing site that masqueraded the bank’s actual website, tricking them into entering their login credentials.

    Having those credentials, the threat actors accessed the accounts and changed the client’s mobile number to one under their control to bypass two-factor authentication protections.

    “Likewise, this modus operandi allowed them to access the victims’ bank details and receive the Keys for Secure Electronic Commerce (CES) necessary to complete operations on the telephone line controlled by the members of the organization,” the police explained.

    The threat actors then moved the stolen money through a network of money mules that were often extorted to take part in the scheme, sending cash through direct cash-transfer services to the Ivory Coast.

    In November 2021, the Spanish police uncovered another local crime network that used money mules to direct funds to Benin, so using African countries to evade scrutiny seems common among Spanish cyber-criminals.

    With thanks to the Cyber Defence Alliance and BleepingComputer. The full story is here: https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-phishing-gang-that-emptied-bank-accounts/

    Request A Quote: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4’s security awareness training and simulated phishing platform and find out how affordable this is!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top