The Civil Guard, within the framework of Operation Zobel, has dismantled in Castellón a Criminal Organization dedicated to committing bank scams in the towns of Valencia, Pinto (Madrid), Torrevieja (Alicante), Cartagena and Algeciras (Cádiz), through deception using social engineering techniques.
The Computer and Telematic Crimes Team (Edite) of the Castellón Civil Guard Command, within the framework of Operation Zobel, initiated an investigation following a complaint filed in the town of Onda (Castellón), where a neighbor of the population stated that she had been the victim of several bank scams, whose economic damage amounted to 12,000 euros. From there, the Civil Guard was able to discover the modus operandi of a complex criminal organization, which used the method known as “Phising” to perpetrate criminal acts.
Throughout the investigation, the Civil Guard has been able to verify that the Criminal Organization under investigation was made up of two cells settled in the Levante area and the south of the Peninsula, where most of its members were deployed, dedicated to attracting “economic mules”, in charge of receiving the black money from third parties for later and after an agreed economic compensation, they laundered it and returned it to the top organization through companies that send money or directly by hand to another of its members.
The way of operating used by the group consisted mainly in the practice of the well-known “Phising” method by which Cyber-criminals, using social engineering techniques, They posed as the banks of their victims in an apparent official communication, usually an email, where they were invited to access through a link to their bank’s website, which had been reproduced in detail by the alleged perpetrators but which actually directed them to a controlled false or “fake” website by scammers, thus leading the injured into the trap.
Once on the web and continuing with the deception, the injured parties were asked to confirm the access data to their account, or make the change of them for security reasons, using any excuse to be able to obtain the username and password of the victims, and thus gain full control of the account.