Phishing group that scammed tens of thousands of mobile phone users is finally arrested

A specialized task force of the Ukrainian Police managed to arrest a hacking group that would have stolen the confidential financial information of up to 70,000 people using a complex phishing operation based on fake websites to top up mobile services. The authorities arrested a total of five individuals, who in addition to the phishing charges will face penalties for the operation of a marketing campaign for the online positioning of the websites used in this scam.

According to the report, this fraud was possible due to reduced security measures on the Internet, especially when an individual or company wants to place ads or enable a website with electronic transaction functions. The defendants used some 40 fraudulent websites, connected to a server under the control of an accomplice of the group working as a systems administrator. The operator of this server remained at large at the time of writing.

This group also had the collaboration of three people who acted as mules and facilitated a money laundering operation. Police estimate that this group caused losses of up to $175,000 USD, of which $70,000 USD in cash has been confiscated so far, in addition to the seizure of smartphones, laptops, computers, bank cards and other items related to the fraudulent operation.

All those arrested could be found guilty of at least three violations of Ukraine’s Criminal Code, for which they could be sentenced to more than 20 years in prison. So far it is unknown when the trials against those arrested will begin.

While the fraudulent operation has already been dismantled, users who entered their information on these websites are advised to take the necessary steps to protect themselves against other attacks, including disabling the paid cards entered and reporting the malicious websites.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.