The National Police of Spain have arrested two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams.
The cybercrime operation is an email and SMS-based phishing campaign that allegedly scammed over 300,000 people and resulted in confirmed losses of at least 700,000 euros ($770k).
“40 people have been arrested, accused of the crimes of belonging to a criminal organization, bank scam, documentary falsification, identity theft, and money laundering,” reads the police’s announcement.
“The criminal organization used hacking tools and business logistics to carry out computer scams.”
SMS to card theft
The police’s cybercrime unit investigation revealed that members of the Trinitarios organization allegedly used stolen credit cards to purchase cryptocurrency, which was then exchanged with fiat money going into a “common box.”
The card details were stolen from victims who received phishing SMS messages on their phones, alleging they needed to resolve a security issue with their bank accounts.
The victims followed the link provided in the SMS to visit a phishing website made to appear as a clone of the legitimate bank portal, where they entered their account credentials.
The hackers monitored the entered data in real-time using phishing panels, moving quickly to use the stolen data to request loans, link new verification phone numbers to the compromised accounts, and link the cards to virtual crypto wallets under their control.
The police say parallel cash-out systems involved hiring money mules to receive the money through bank transfers, withdrawing it from ATMs, and using PoS (point of sale) terminals belonging to shell online e-commerce businesses to make false purchases.
The stolen amounts were allegedly used for funding the group’s expenses, purchasing drugs and arms, financing meetings, paying lawyers, or sending money directly to imprisoned members of the gang.
The remaining amounts were sent to the Dominican Republic, where other group members used the money to purchase real estate.
The Spanish police are currently working with international partners to locate all stolen amounts and assets derived from crime and potentially recover stolen payments.
Cybercrime as a new revenue stream
Organized crime gangs have turned to cybercrime as a new revenue stream.
In the case of Trinitarios, the Spanish police say the group used money acquired through phishing to cover its legal and operational expenses.
In September 2021, a coordinated Europol law enforcement operation dismantled an extensive network of cybercriminals linked to the Italian mafia, making them yearly profits of over €10 million ($11.7 million) through SIM swapping and business email compromise attacks.