An organized criminal gang that was operating a multi-million-Euro phishing operation has been dismantled by police forces in Belgium and the Netherlands, according to Europol.
The operation involved raids at 24 addresses in the Netherlands on June 21, and police arrested 9 individuals suspected of involvement in the operation. They also seized cash, cryptocurrency, jewelry, firearms, and ammunition. Europol assisted in the operation by sending three experts to the Netherlands to provide real-time analytical support, forensics, and technical expertise to investigators on the ground.
The operation involved sending unsolicited emails, text messages, and instant messages to victims that directed them to a website that masqueraded as a legitimate banking website but contained a phishing kit for stealing banking credentials. When the victims attempted to log in with their credentials in the belief they were on their legitimate banking website, their credentials were captured and used to access the victims’ real bank accounts. Funds were then transferred to money mules’ accounts and were withdrawn. Europol said the gang had defrauded victims out of millions of Euros. Some of the individuals arrested are also suspected of involvement in drug trafficking and the distribution of illegal firearms.
According to the Federal Bureau of Investigation, phishing is the leading cause of complaints about cybercrime to its Internet Crime Complaint Center (IC3). Phishing attacks doubled in 2020, and in 2021, phishing topped the list of complaints in terms of victim count, with 323,972 complaints – 3.9 times as many complaints and the next biggest cause – non-payment/non-delivery scams. In 2021, more than $44 million in losses to phishing were reported to the FBI.
Phishing is also a common entry point into business networks. The credentials stolen in phishing scams are often provided to ransomware gangs and other cybercriminals, and phishing is often the way email accounts are compromised for use in Business Email Compromise (BEC) attacks. Losses to ransomware in 2021 exceeded $49 million, and almost $2.4 billion in reported losses to BEC attacks were reported to the FBI in 2021.