Cybercriminals in Spain used Identity Spoofing to Invest millions of Euros from Scams in Crypto

October 25, 2023

Spanish Law Enforcement Officials have reported the arrest of 34 members of a criminal group responsible for executing phishing attacks for various online frauds, resulting in the gang acquiring an estimated €3 million in illicit gains as reported by the National Police web portal.

Operations were conducted across 16 locations in Madrid, Malaga, Huelva, Alicante, and Murcia leading to the seizure of two stimulated firearms, a katana sword, a baseball bat, €80,000 in cash, four luxury cars, and computer and electronic equipment worth thousands of euros.

In addition, the operation also revealed a database containing cross-referenced information on four million people, obtained by breaching the databases of financial and credit institutions.

The gang leaders generated millions of euros by vending websites crafted by their hackers to other criminal organizations. The websites encompassed fraudulent banking portals, software for mass messaging, and tools for infiltrating diverse databases. They shifted their profits into cryptocurrency assets to transfer their money.

Cybercriminal activities throughout the country

The criminals conducted scams via emails, SMS, or phone calls to defraud vulnerable victims and acquired approximately three million euros. The illicit gains were then sold to other criminal organizations through specialized forums.

According to the report, there was a case where the culprits allegedly exploited a member’s position within a multinational tech company to reroute computer and electronic equipment from suppliers to the criminal group.

In another scam, the hackers illicitly entered customer databases in financial institutions, increased the funds in customer accounts, and subsequently reached out to customers to alert them about apparently mistaken deposits. To refund this fabricated deposit, the customers were instructed to click on a deceptive link to seize their credentials.

The main leaders of the network have been temporarily imprisoned while more than 1000 complaints have been addressed with the potential of discovering culprits and victims reportedly.

Cybercriminals possibly used phishing techniques to scam potential victims by using fraudulent links. A phishing attack is a cybercrime in which scammers use fraudulent emails, text messages, or phone calls to deceive unsuspecting individuals to steal sensitive information and then exploit the information for fraudulent activities including financial fraud and identity theft.

Phishing attacks are a global cybersecurity concern, and different countries implement diverse measures and strategies to mitigate these threats. The phishing services enhance the exposure to attacks because they simplify the process for criminals to obtain fraudulent links for targeting victims. Recently, Interpol has taken down the 16Shop Phishing as a service platform which sold phishing kits to target Apple Pay, Cash App, Amazon, American Express, and PayPal users.

Laundering proceeds of financial crime through Crypto

Very often, criminals use spoofing techniques in order to conceal their true identity. Spoofing techniques can take many forms such as document spoofing, ID spoofing, email spoofing, and website spoofing.

According to the report, the criminals involved in the million euros scam used fake documents and ID spoofing to invest their earnings into cryptocurrency assets.

Due to the surge in cryptocurrency theft & fraud, authorities are placing greater emphasis on ensuring that companies are adhering to anti-money laundering and Know Your Customer (KYC) standards to counter financial fraud. As it’s important to implement KYC regulations for Crypto Exchange to know their customers in a better way, it is also essential for them to use fool-proof KYC solutions powered by authentic IDV tech.

Countries around the globe are regulating the crypto exchange sector and pushing for KYC requirements for Virtual Asset Service Providers (VASPs). However, the issue of exploiting fake documents for ID verification and ID spoofing can render KYC requirements useless as criminals have techniques to dodge businesses.

Also Read: KYC in Crypto | KYC AML Guide