Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
The Spanish National Police dissolved a cybercrime ring that defrauded 300 people out of almost €12.3 million via phony investment websites.
During these malicious campaigns, the hackers created replicas of popular, legitimate cryptocurrency investment sites. The criminals then attempted to conceal the revenue from their crimes by transferring the funds from Spanish banks to offshore financial entities, where they hoped it would be untraceable by authorities.
Spanish law enforcement officials began investigating the incident after receiving a report from the legal representative of one of the impersonated financial groups.
Six members of the cybercrime ring were captured in Madrid and Barcelona during the operation, and they will be prosecuted for various offenses including fraud, money laundering, and usurpation of marital status.
How Did the Scam Take Place?
To trick users into thinking they were dealing with a legitimate bank, cybercriminals employed the typosquatting technique, which involves registering domains that look similar to the official sites of real, impersonated banks, explains Bleeping Computer.
By changing a single character or the order of two letters, the domains might look legitimate to inattentive site visitors. And in order to attract traffic to their sites, the group lured its victims via links embedded in phishing emails.
Even though the threat group’s victims come from all over Europe, most of the fake websites targeted French people, so the attackers impersonated French financial institutions. The victims were told they were investing money on these websites, but in reality, their deposits went straight to the criminal group’s bank accounts.
The method of defrauding used by the criminal group consisted of offering any potential client, through fraudulent websites, the possibility of carrying out different financial operations, such as: contracting investment products (variable income, futures, and cryptocurrencies) and contracting financing products.
Spanish National Police Statement
The fraudsters deposited the extorted money into their own bank accounts in countries like Spain, Portugal, Poland, and France before trying to launder it by moving it overseas. In the end, the money made its way back to Spanish accounts after being transferred around several times to obscure its origin.
The total amount of money sent to the crime group’s final destination, according to the police investigation, was €12,345,731.
The full press release of the Spanish police is available here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
