A phishing (by email) and smishing (by SMS text) operation in Madrid, Seville and Guadalajara has been taken down by the National Police of Spain. Over 40 arrests have been made on charges of, as the National Police’s announcement states, “belonging to a criminal organization, bank scam, documentary falsification, identity theft, and money laundering." That bag of 40 (alleged) miscreants includes “two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams.”
Some 300,000 people are believed to have been defrauded of at least €700,000. The gang involved is Los Trinitarios, “the Trinitarians,” and while the criminal organization was heavily involved in cybercrime, those crimes were a sideline, intended mainly to fund expenses the gang incurred in its other conventional criminal activity: “purchase of narcotic substances, financing of meetings and parties of the band, purchase of weapons and payment of lawyers or sending money to members in prison to cover their expenses,” said the National Police. (They characterized these as “the group’s usual expenses”).
The gang would use funds stolen by social engineering to purchase cryptocurrency which they’d then convert to fiat currency with the aid of money mules. The typical phishbait was a communication to the victims that they needed to resolve a security issue with their bank account.
While it’s interesting that phishing and smishing appeared to fulfill the function of paying the gang’s operational costs, it’s also worth noting that the techniques the gang used involved no great novelty. As is so often the case, new school security awareness training can help people recognize a phishing attempt in time to spit the hook.
BleepingComputer has the story.