In a landmark operation, Europol and Ameripol have successfully dismantled a phishing-as-a-service (PhaaS) network that has impacted over 480,000 victims worldwide. Dubbed “Operation Kaerb,” this coordinated effort specifically targeted a criminal group that specialized in unlocking stolen mobile phones through phishing attacks. Investigators revealed that more than 1.2 million devices had been unlocked, primarily by criminals operating in Spain and various Latin American countries.
Between September 10 and 17, law enforcement agencies in Spain, Argentina, Chile, Colombia, Ecuador, and Peru executed a series of coordinated raids, resulting in 17 arrests and the seizure of 921 items, including mobile phones, vehicles, and weapons. Central to this operation was an Argentinian national who operated the phishing platform, which had been active since 2018. This individual sold access to the platform to “unlockers”—criminals who provided services to those in possession of stolen mobile phones, enabling them to bypass security features and regain access to the devices.
The iServer platform exemplified a modern phishing operation, offering easy access for low-skilled criminals. By providing templates for phishing SMS and emails, the platform allowed “unlockers” to exploit victims’ emotional vulnerabilities. Typically, victims received phishing messages urging them to provide credentials to regain access to their phones, particularly when they had activated “Lost Mode.” Once criminals obtained the login information, they could unlock the stolen devices, erasing any connection to the legitimate owners.
The success of Operation Kaerb underscores the critical importance of international cooperation in combating cybercrime. This operation marks the first joint effort between Europol’s European Cybercrime Centre and Ameripol’s Specialized Cybercrime Centre, highlighting the need for cross-border initiatives in cybersecurity. As the cybercrime landscape continues to evolve, new threats will undoubtedly emerge. However, the dismantling of the iServer platform serves as a significant blow to the PhaaS model, emphasizing the ongoing need for vigilance from both the public and private sectors in the fight against cybercrime.
