The Guardia Civil has dismantled a criminal organisation dedicated to committing bank fraud, arresting 100 people and investigating another 151.
The majority are young people between 18 and 25 years of age and residents of 39 Spanish provinces, who acted by impersonating the victims’ banking entities in order to defraud them. In the province of Malaga alone, nearly 1.2 million euro have been defrauded from the victims.
In Barcelona, ​​the operation has resulted in 79 arrests and 46 people under investigation. In the case of Madrid, investigators have arrested a total of 17 fraudsters, and are investigating another 17.
Among the provinces involved are also Girona -11 under investigation-, Malaga, Tarragona and Lleida, with 8 under investigation in each.
The investigation has been closed after two years of analysing numerous complaints of fraud filed throughout the province of Malaga. The Guardia Civil agents discovered that there was a common link between all of them.
The criminals impersonated the telephone number of a specific bank (spoofing), from which they sent SMS to the bank’s customers (smishing), and then made phone calls pretending to be bank employees (vishing and caller ID) in order to access the bank account of the victims and then make purchases and money transfers without their consent.
Although the technical profile of the members of the organisation was not particularly high, the deception of the victims was fundamental for its members, as they would not have obtained access credentials to their online accounts without their explicit consent.
Modus operandi
The criminals accessed the victims’ accounts in two steps:
In the first case, victims received an SMS with a fake link that impersonated their bank’s website. The victims accessed this link, which actually led to a fraudulent website – phishing and smishing.
As a second step, after a reasonable amount of time had passed, the victims who had accessed the fraudulent link received a phone call from a modified phone number that made them think it belonged to the bank.
The interlocutor posed as an employee of the entity and, after gaining the victim’s trust with the excuse of solving the security problems they were led to believe they had, asked them for the verification codes necessary to make transfers, thus completing the scam.
This method has led to the theft of almost 1.2 million euro from at least 323 victims in the province of Malaga alone.
The group had a structure with people with different tasks, from the mules in charge of receiving the first transfers from the victims by creating bank accounts, to the members in charge of recruiting collaborators, managing commissions and organizing the movement of the scammed money until it was laundered. The stolen money ended up in accounts abroad or invested in cryptoassets.
A total of 472 bank accounts and 708 telephone lines were analysed, the vast majority of which were registered with false data or with usurped identities.
Almost all of the reported crimes have been solved, with a total of 422 perpetrators identified with varying degrees of involvement within the organisation.
So far, 100 people have been arrested and another 151 investigated for the crimes of belonging to a criminal organization, fraud and money laundering.
Other Articles
Illegal Fishing Longline Removed in Torrevieja
