Based in Madrid, the international criminal organization employed a sophisticated scam that involved phishing, social engineering, smishing, and vishing to trick victims into sharing details about their bank accounts to steal money from them.

Authorities arrested eight individuals in Madrid and one in Miami, seized high-value objects – including watches valued at more than $200,000, jewelry, dozens of mobile phones, laptops, desktop computers, and tablets – and blocked 74 bank accounts, freezing over $500,000 in assets.

The investigators also discovered bags of clothing and shoes from luxury brands, bank cards, documentation, false passports and identity documents, and a compressed air gun.

Focused on defrauding American firms and individuals, the scheme involved the use of social engineering, phishing, and smishing to gather sensitive information about the potential victims, mainly regarding their financial assets.

At the second phase of the scheme, the attackers contacted the intended victims via phone (vishing), spoofing the calls to hide their identity, to obtain additional information required to complete the scam, either through online purchases or transfers to bank accounts controlled by the attackers.

In some instances, the attackers engaged in three-way calls, interacting with both the victim and their North American financial institution, to obtain verification and authorization codes to complete the fraudulent transactions.

The cybercriminals registered over 100 bank accounts they used as part of the operation. In less than a year, roughly $5.3 million was transferred to the fraudsters’ bank accounts.

Overall, the cybergang is believed to have made more than 200 victims (both individuals and organizations), with the total losses potentially exceeding $7.5 million.

Once the money was transferred to their bank accounts, the cybercriminals transferred it abroad, converted it to cryptocurrency, or withdrew it at ATMs using money mules.

The bank accounts opened in Spain were directly controlled by a single individual, who used numerous false documents as part of the illicit activities. The accounts were opened in the name of third-parties, either working directly with him or recruited by him.