The Civil Guard dismantles an important network dedicated to committing scams through the Internet
16 people have been arrested in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los Barros (Badajoz) and Aranda de Duero (Burgos) for the alleged crimes of fraud and membership of a criminal organization
Using malicious software, installed on victims' computers by means of the technique known as "email spoofing", they allegedly managed to divert large amounts of money to their accounts
The agents have managed to block transfer attempts for an amount of 3,500,000 euros, after analyzing more than 1,800 emails
The Civil Guard, within the framework of the AGUAS VIVAS operation, has dismantled a criminal organization dedicated to committing scams through the Internet. Using malicious software, installed on victims' computers by means of the technique known as "email spoofing", they allegedly managed to divert large amounts of money to their accounts.
16 people have been arrested in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los Barros (Badajoz) and Aranda de Duero (Burgos) for the alleged crimes of fraud and membership of a criminal organization.
20 fraud crimes have been solved, for a total amount defrauded of 276,470 euros, of which 87,000 euros have been recovered.
Likewise, 2 searches have been carried out in Madrid, in which a large amount of documentation, mobile devices and computer equipment have been seized.
The investigation began more than a year ago, after several complaints filed by different official bodies located across the country about the alleged infection of their computer equipment with some type of malicious software, which was allegedly used to divert large amounts of money from their accounts through online banking.
After analyzing the affected computer equipment, the agents observed that the infection was carried out through a technique known as "email spoofing", which consists of fraudulently sending emails in which the attackers hide the sender's true address and replace it with another, apparently legitimate one, thereby impersonating state bodies such as the Tax Agency, the Treasury, the Post Office or the DGT.
Modus operandi
The complainants received messages in their email accounts, supposedly from official bodies such as the Tax Agency, Treasury, Correos, DGT, etc., in which they were required to pay tax debts, pay traffic fines, or collect packages, for which they had to open a link inserted in the email received to see the details. When they accessed that link, they were actually accessing an address or web page from which, in the background, the malicious program was downloaded and installed.
Once installed on the computer, without the user noticing, it remained dormant until the user accessed a bank website and carried out a banking transaction. At that point, the malicious software intercepted and modified the data being sent, so that the money went to a total of 30 bank accounts belonging to the network. After that, the money was dispersed by sending it to other accounts, withdrawing cash at ATMs, making transfers via BIZUM, using REVOLUT cards, etc., in order to hinder any police investigation.
One characteristic on which all the victims agreed is that, once they carried out any banking operation through the web, their computers restarted several times until access was blocked; they later found that large amounts of money had been transferred to unknown accounts.
68 email accounts infected by Trojans
The investigators, in collaboration with the Department of Information Technology of the Cáceres Provincial Council, detected suspicious activity in at least 68 email accounts belonging to official bodies, which were infected with the Trojans "Mekotio" and "Grandoreiro" and were waiting to complete the fraudulent transfers. The agents have managed to block transfer attempts for an amount of 3,500,000 euros, after analyzing more than 1,800 emails.
The organization was perfectly structured and hierarchical, in 4 levels. On the one hand, there were those who were dedicated to receiving the amounts of fraudulent transfers (Level 1), which they later transferred to other members of the organization (Level 2). On the other hand, there were those who transferred the money to other accounts located abroad (Level 3) and, finally, those who were dedicated to masking the online operations of the accounts (Level 4).
Phishing, Vishing and Smishing
These are three attacks based on social engineering that are very similar in their execution. In general, the cybercriminal sends a message impersonating a legitimate entity that we trust, such as a bank, a social network, a technical service or a public entity, in order to achieve their objective. These messages are usually urgent or attractive in nature, to prevent you from applying common sense and thinking twice.
Phishing: E-mail, social networks or instant messaging applications are usually used.
Vishing: It is carried out through phone calls.
Smishing: The channel used is SMS.
Sometimes they carry a link to a fraudulent website, which may be disguised to look like a legitimate link, or a malicious attachment intended to infect us with malware.
Their objective is to obtain users' personal and/or banking data by making us believe that we are sharing it with someone we trust. They can also use this technique to get us to download malware with which to infect and/or take control of the device.
Recommendations
The main advice is to be cautious and read the message carefully, especially if it comes from an entity making urgent requests or offering promotions or bargains that seem too attractive.
In addition, other guidelines that we can follow to avoid being a victim of this type of deception can be:
Look for grammatical errors in the message. If it concerns an urgent matter or a very attractive promotion, it is very likely to be a fraud.
Check that the link matches the address it points to. In any case, we should type the URL ourselves directly into the browser, without copying and pasting.
Check the sender of the message, or make sure it is a legitimate phone number.
Do not download any attached file without first scanning it with the antivirus.
In the case of vishing, we must not download any file requested by the attacker, or hand over control of our computer through any remote control software.
Never reply to the message; delete it.
The operation, directed by the Court of First Instance and Instruction nº. 1 of Cáceres, has been carried out by agents belonging to the Technological Crimes Team (EDITE) of the Organic Unit of the Judicial Police (UOPJ) of the Cáceres Command.
thespainjournal, 2021-07-10