Spanish National Police says they have dismantled an international criminal organization believed to have used sophisticated cyber scams to steal over 5 million euros from consumers.
In a joint operation, Spanish and US law enforcement agents say they arrested nine people suspected of participating in the fraud, seizing high-end watches worth 200,000 euros and blocking more than half a million euros in assets.
According to a press release, the cybercriminal network, based in Madrid, operated over 100 bank accounts in Spain to launder money from victims of social engineering attacks orchestrated via email, phone and texts.
“The investigations confirmed that, in a first phase, those investigated used social engineering, phishing and smishing techniques to collect sensitive data from potential victims – individuals and North American companies – related to their financial assets,” the agency said.
“Subsequently, they phoned them (vishing) masking the calls (spoofing) to obtain the rest of the information necessary to materialize the scams through purchases over the Internet, or making transfers from the victims' accounts to others controlled by the organization from Spain.”
Investigators also believe the fraud proceeds are even higher, exceeding 7 million euros, as more than 200 companies and individuals were defrauded in less than 12 months.
The alleged mastermind of the operation is said to have used numerous IDs to open financial accounts in Spain, but also recruited low-income or homeless people to open online accounts for him.
“Once the money entered their accounts, they withdrew it at ATMs, sent it abroad through new transfers, or converted it into crypto assets,” the police report added.
“In the bank accounts opened in our country, they received the fraudulent funds that allowed them to lead a high standard of living. In this sense, they rented high-end vehicles, as well as hotels and homes in exclusive residential areas throughout the national territory.”
Spain’s National Police urge people to stay vigilant against unsolicited phone calls, emails or text they may receive and to never provide personal and financial information. “Your bank, telephone company or utility company already has this data, therefore, they will never ask us for it,” police said.
Individuals should never click links that prompt them to access bank accounts or other financial platforms and be extremely cautious with callers that put you on hold to participate in a “three-way call” with your bank to authorize fund transfers.
Worried about cybercriminals abusing your identity and financial information to conduct fraud?
Bitdefender Identity Theft Protection can help you fight identity crimes with combined fraud detection, real-time alerts and identity recovery services.
Learn more about how our one-stop credit monitoring and identity theft protection service can help you, here.