Spanish and Italian Police Break Up Phishing Gang

Europol: Illegal Operation Connected to Italian Mafia
Spanish and Italian Police Break Up Phishing Gang

The Spanish and Italian national police agencies, in conjunction with Europol have arrested 106 individuals who allegedly are linked to the Italian mafia on a variety of online fraud charges that earned the group at least 10 million euros ($11.7 million) in illegal profits.

See Also: OnDemand | Understanding Human Behavior: Tackling Retail's ATO & Fraud Prevention Challenge

Spanish and Italian law enforcement officers concluded a yearlong operation dubbed "Fontana-Almabahia" that culminated in 16 house searches, froze 118 bank accounts and seized hundreds of credit cards, SIM cards, POS terminals and other electronic devices, Europol announced Monday.

"The suspects defrauded hundreds of victims through phishing attacks and other types of online fraud such as SIM swapping and business email compromise before laundering the money through a wide network of money mules and shell companies," Europol says. "Last year alone, the illegal profit is estimated at about 10 million [euros]."

In addition to online crime, those arrested allegedly were also involved in money laundering, drug trafficking and property crime. The majority of the arrests were made in Spain, Europol says.

Organization's Structure

Europol notes that the network taken down by the police was well organized, with individuals having specific areas of responsibility.

"Among the members of the criminal group were computer experts, who created the phishing domains and carried out the cyber fraud; recruiters and organizers of the money muling; and money laundering experts, including experts in cryptocurrencies," Europol says.

The majority of those arrested are Italian nationals, with some having links to mafia organizations, police said. The Spanish Police said most conducted their operations from Tenerife, which is in the Canary Islands off the coast of Spain.

The group's operation contained hackers who specialized in phishing and vishing attacks and in the use of social engineering techniques to take gain access to individual's banking credentials, says the Polizia di Stato (Italian National Police).

The majority of the victims were Italian, but the gang also went after Spanish, English, German and Irish citizens, arranging bank transfers of thousands of euros to Spanish accounts controlled by the gang, the Italian police say.

The stolen money was laundered through the purchase of cryptocurrency or reinvested in other criminal activities, such as prostitution, drug production and trafficking, arms trafficking, Italian police say.

The law enforcement agencies did not identify the individuals or offer details on potential sentences if they are found guilty.

Recent Anti-Cybercrime Operations

Ireland's cybercrime police, the Garda National Cyber Crime Bureau, conducted a "significant disruption operation" earlier this month targeting the IT infrastructure of a cybercrime group. (See: Irish Police 'Significantly Disrupt' Attackers' Operations).

As part of the operation, police seized several domains used in a May ransomware attack against Ireland's national health services provider Health Service Executive, a spokesperson tells Information Security Media Group.

While the GNCCB did not provide the identity of the cybercriminals involved in its most recent operation, HSE had said in May that Conti ransomware was used in the attack.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.