Article Details
Scrape Timestamp (UTC): 2024-12-12 16:47:48.309
Original Article Text
Click to Toggle View
Spain busts voice phishing ring for defrauding 10,000 bank customers. The Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals. Thirty-five of the arrested people were located across Spain, including in Madrid, Barcelona, Mallorca, Salamanca, and Vigo, and another 48 were arrested in Peru. The leader of the ring was also apprehended in Spain during the 29 simultaneous raids conducted by the cooperating police forces, which also seized cash, mobile phones, computers, and documents. Impersonating banks According to the announcement from the Spanish police (Policia Nacional), the scammers operated a large call operation that employed 50 people in three distinct call centers, defrauding at least 10,000 people and making €3,000,000 ($3.15M) in proceeds. The calling agents used stolen databases, pre-written social engineering, and scripts to trick the call recipients into giving away their sensitive banking information. To make the calls appear legitimate, the agents used caller spoofing technology, making their number and caller name match those of the official bank they impersonated, adding credibility to the process. The bait was an alert about unauthorized ATM withdrawals, directing victims to go through a process of fake account verification and give away their one-time passcodes. "After convincing victims they had fraudulent charges and blocked accounts, they guided them through steps on their banking apps, using manuals provided by the organization leaders," reads a press release by the Policia Nacional. "Victims were tricked into sharing verification codes sent to their phones. These codes were immediately relayed to operatives in Spain, who stood ready near bank branches to withdraw cash." Once the cash was withdrawn, about 20% and 30% were kept by the operators, and the rest was sent to the organization in Peru. The police highlight some obfuscation methods used by the criminals, such as using color codes to identify banking organizations when communicating and spreading their operatives across different cities to make tracking them down harder. To protect against these scams, the police recommend only providing personal or banking details after verifying that you are speaking to an actual bank agent. Also, it's important to remember that banks never ask users to give away their card details, ID details, usernames, account passwords, and one-time passwords.
Daily Brief Summary
Spanish and Peruvian police arrested 83 individuals involved in a sophisticated voice phishing scam, affecting over 10,000 bank customers and netting approximately €3 million.
Authorities conducted 29 simultaneous raids across Spain and Peru, seizing cash, mobile phones, computers, and documented evidence of the fraud.
The vishing operation was centralized in three call centers employing 50 people who used social engineering and caller ID spoofing to impersonate bank officials.
Scammers manipulated victims into sharing sensitive information like banking details and one-time passcodes under the guise of verifying unauthorized transactions.
The stolen codes were quickly used by operatives near banks to withdraw funds, which were then partially sent back to the scam's overseers in Peru.
Criminals employed various tactics to avoid detection, including color codes for banks and dispersing operatives across multiple cities.
Spanish police issued warnings and guidance on recognizing and protecting oneself from such phishing scams, emphasizing that legitimate banks do not ask for sensitive personal or account details over the phone.