Law enforcement in Spain has successfully dismantled a highly skilled cybercriminal ring that employed various hacking techniques to target banking customers. The group, which operated as a crime-as-a-service organization, extorted 100,000 euros from victims and provided criminal services to other offenders, according to police reports.
Furthermore, the cybercriminals, posing as legitimate employees of Spanish banks, utilized fraudulent calls and SMS messages to deceive unsuspecting victims. Through these tactics, they managed to obtain banking credentials from individuals who were then exploited in carrying out unauthorized financial transactions.
The investigation revealed that the group initiated their scheme by sending SMS text messages to victims, pretending to alert them about security issues related to their bank accounts. These messages contained phishing links designed to mimic legitimate bank login pages, tricking victims into providing their banking credentials.
Once armed with the victims’ credentials, the hackers posed as bank employees to acquire the necessary one-time passwords for accessing the accounts and conducting fraudulent transactions. The stolen funds were then transferred to bank accounts provided by accomplices. To further obscure their activities, the cybercriminals laundered their ill-gotten gains through investments in cryptocurrencies and other online platforms.
As a result of victim complaints, Spanish police arrested four members of the cybercriminal group from Hospitalet de Llobregat and apprehended another operator in Barcelona. During the arrests, authorities seized multiple mobile phones, SIM cards, banking cards, and digital ledgers used for storing cryptocurrencies.
Additionally, the group offered crime-as-a-service applications specifically tailored for facilitating fraud to other criminal organizations. This further underscored the scale and impact of their criminal enterprise.