Spain’s National Police Take Down a Phishing Gang

National Police Take Down PhishingA phishing (by email) and smishing (by SMS text) operation in Madrid, Seville and Guadalajara has been taken down by the National Police of Spain. Over 40 arrests have been made on charges of, as the National Police’s announcement states, “belonging to a criminal organization, bank scam, documentary falsification, identity theft, and money laundering." That bag of 40 (alleged) miscreants includes “two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams.”

Some 300,000 people are believed to have been defrauded of at least €700,000. The gang involved is Los Trinitarios, “the Trinitarians,” and while the criminal organization was heavily involved in cybercrime, those crimes were a sideline, intended mainly to fund expenses the gang incurred in its other conventional criminal activity: “purchase of narcotic substances, financing of meetings and parties of the band, purchase of weapons and payment of lawyers or sending money to members in prison to cover their expenses,” said the National Police. (They characterized these as “the group’s usual expenses”).

The gang would use funds stolen by social engineering to purchase cryptocurrency which they’d then convert to fiat currency with the aid of money mules. The typical phishbait was a communication to the victims that they needed to resolve a security issue with their bank account.

While it’s interesting that phishing and smishing appeared to fulfill the function of paying the gang’s operational costs, it’s also worth noting that the techniques the gang used involved no great novelty. As is so often the case, new school security awareness training can help people recognize a phishing attempt in time to spit the hook. 

BleepingComputer has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews