The Ukraine cyberpolice has detained members of a fraud ring that defrauded over a thousand people in the EU out of over $4,300,000. The criminal organization set up over 100 fictitious “phishing” websites to lure customers with discounted goods from France, Spain, Poland, the Czech Republic, Portugal, and other European nations.
The threat actors stole the credit card information the victims supplied on the fake websites, while the orders placed by the victims did not correlate to actual sales. Although the victims’ route to these sites is unknown, it may have involved phishing emails, direct messaging on social media platforms, or malicious advertising.
The thieves utilized the stolen information to make internet purchases with stolen credit cards. Typically, a network of resellers and money mules that aid in money laundering is used to move these commodities. According to the police, they discovered two call centers in Vinnytsia and Lviv that assisted the scam by speaking with customers and persuading them to purchase orders.
Around 30 searches by the Ukrainian police of the members’ residences, call centers, and vehicles resulted in the seizure of computer hardware, mobile devices, and SIM cards for analysis.
Ukraine Cyberpolice Detains The Fraud Rings
Around 30 searches by the Ukraine cyberpolice of the members’ residences, call centers, and vehicles resulted in the seizure of computer hardware, mobile devices, and SIM cards for analysis. The police detained the two arrestees for questioning because they were thought to be the criminal gang’s organizers in the two arrests that were conducted in Ukraine.
Now that they have been detained, the suspects are being prosecuted for violating Article 190, Section 4 (fraud), and Article 255, Section 1. (establishment, leadership of a criminal community or criminal organization, as well as participation in it).
The maximum punishment for these crimes is 12 years in prison and property confiscation. Ten other members of the phishing gang were apprehended and are currently being interrogated in various European nations.
Actions Organizations Should Take To Protect Phishing Attacks
- Include security awareness in your organization’s culture. By increasing their knowledge of phishing attacks’ warning indications and risks, VPS employees will be better able to spot them, be less likely to fall for them, or at the very least, be able to flag a problem and let you know about it so you can act quickly to contain the incident.
- Spam filters or secure email gateways prevent misleading communications from reaching VPS employees. Secure email gateways and spam filters scan incoming emails for spam and fraudulent content. Once they are recognized, they stop them from ever making it to a VPS employee’s mailbox.
- Enable policies for unusual logins and multifactor authentication (MFA). These precautions lessen a scammer’s ability to access the employee’s work account even if the employee gives information to a scammer and improve your ability to identify and address situations quickly.
- Regularly provide employee training To prevent clicking on nefarious links and teach staff to spot phishing assaults.
- Updates and security fixes should be kept current. Installing the most recent patches and upgrades will protect you and your providers from security flaws and vulnerabilities.
Conclusion
Members of a fraud ring that conned more than a thousand victims in the EU out of about $4,300,000 have been apprehended by Ukrainian “cyberpolice.” To entice buyers from France, Spain, Poland, the Czech Republic, Portugal, and other European countries with discounted items, the criminal organization put up over 100 fake “phishing” websites.
While the orders placed by the victims did not correspond to genuine purchases, the threat actors stole the credit card information the victims provided on the bogus websites. The victims may have arrived at these websites via phishing emails, direct messages on social media, or fraudulent advertising; however, the exact method remains unknown. The thieves used the stolen credit cards to make online transactions using the stolen information.
These goods are typically moved through a network of money mules and resellers who assist in money laundering. The authorities in Vinnytsia and Lviv allegedly found two contact centers that helped the scam by conversing with customers and convincing them to place orders. The Ukrainian police conducted about 30 searches of the members’ homes, contact centers, and vehicles, and as a consequence, they seized computer equipment, mobile devices, and SIM cards for examination.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.