Pierluigi Paganini March 30, 2018

An international operation conducted by the Romanian National Police and the Italian National Police, with support from Europol, the Joint Cybercrime Action Taskforce (J-CAT), and Eurojust. led to the arrest of 20 individuals involved in a banking spear phishing scam.

According to the investigators, the banking phishing scam allowed crooks to defrauded bank customers of €1 million ($1.23 million).

The international investigation lasted two years, the police conducted a series of coordinated raids. 9 of the individuals were arrested in Romania and 11 in Italy.

The Romanian Police raided 3 houses in the country, while the Italian police raided 10 houses and conducted several computer searches.

“A two-year long cybercrime investigation between the Romanian National Police and the Italian National Police, with the support of Europol, its Joint Cybercrime Action Taskforce (J-CAT) and Eurojust, has led to the arrest of 20 suspects in a series of coordinated raids on 28 March. 9 individuals in Romania and 11 in Italy remain in custody over a banking fraud netted EUR 1 million from hundreds of customers of 2 major banking institutions.” reads the press release published by the Europol.

“The Romanian authorities have conducted 3 house searches, while the Italian National Police ordered the execution of 10 home and computer searches, involving more than 100 Italian policemen.”

According to the Europol, the banking fraud scheme netted €1 million from hundreds of customers of targeted 2 major banks.

Most of the members of the gang are Italians, they were using with spear phishing messages posing as tax authorities, in an attempt to harvest their online banking credentials.

“While the most common phishing scams blast out millions of generic e-mails, spear phishing emails are personally addressed to targeted stakeholders with content to make it appear from a reputable source, such as a bank. Recipients are encouraged to click on a link, which will lead to a fake version of a legitimate website where their account or contact details can be stolen.” continues the press release.

The authorities are monitoring the activity of the crime gang since 2016, once the attackers stole credentials through spear phishing message they log into their victims’ accounts and drained funds.

The gang made the cash out through ATMs in Romania, using payment cards associated with criminal accounts.

The crime gang was using encrypted chat applications for the communication and according to the police they also used intimidating and punitive methods towards affiliates and competitors to establish power.

The authorities suspect the group of other illegal activities, including money laundering, as well as drug and human trafficking, prostitution, and participation in a criminal organization.

This is the second successfully operation announced by the Europol in a few days, earlier this week, the agency announced the arrest of the head of the crime ring behind the Carbanak gang that since 2013 targeted banks worldwide.

Pierluigi Paganini

(Security Affairs – Spear Phishing scam, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]