Spanish authorities have announced the arrest of 40 individuals for their roles in a group involved in bank fraud, identity theft, and money laundering.
Spanish authorities this week announced the arrest of 40 individuals for their roles in a criminal organization that performed bank fraud, document forgery, identity theft, and money laundering.
Two of the individuals, the authorities say, were in charge of carrying out online bank fraud, while 15 others were involved in other illegal activities.
Called ‘Trinitarians’, the criminal organization employed phishing and smishing (SMS phishing) to distribute malicious links that took unsuspecting victims to fake bank login pages where they were prompted to enter their credentials.
Using hacking tools purchased from cybercriminals, the gang monitored in real time the credentials their victims entered on the fake pages. They used the obtained login information to access the victims’ real accounts and request loans or link the victim’s cards to virtual wallets on attacker-controlled phones.
The gang also bought cryptocurrency coupons that were then exchanged in a wallet functioning as a ‘common box’ for the organization, and contracted point-of-sale (PoS) devices in the name of fake companies to make false purchases.
According to the authorities, the group also relied on an extensive network of money mules that received money transfers to their accounts and withdrew cash at ATMs.
Some of the proceeds were sent to bank accounts abroad and used to purchase real estate in the Dominican Republic, the Spanish authorities say.
The gang raked in more than €700,000 (~$760,000) from the schemes and used proceeds to pay for lawyer fees for gang members in prison, buy drugs to resell, and acquire weapons.
During the takedown operation, the Spanish police made 13 house searches in Madrid, Guadalajara, and Seville, and seized computer equipment, lock picks and other instruments for opening doors, padlocks, cash, and documents describing the group’s structure.