chalabala - Fotolia

Spanish police bust Mafia-linked phishing gang

A joint operation between European authorities has dismantled a cyber criminal gang with links to the Italian Mafia

The national police services of Italy and Spain, with support from European agencies Europol and Eurojust, have successfully dismantled an organised cyber crime operation linked to the Italian Mafia which defrauded its victims out of €10m.

The investigation, which dates back to June 2020, began when Spain’s Policía Nacional found that a group of people linked to various Mafia clans had moved to Tenerife in the Canary Islands. The culmination of the joint operation with Italy’s Polizia di Stato saw 106 arrests, mostly in Spain, and 16 house searches. A total of 118 bank accounts linked to the operation were seized, along with 224 credit cards, SIM cards and point-of-sale terminals, and an illicit cannabis farm.

Europol said the gang had laundered over €10m of money stolen from its victims – located in Germany, Ireland, Italy, Lithuania, Spain and the UK – through a network of mules and shell companies. From their base in the island’s capital, Santa Cruz de Tenerife, the gang tricked victims into transferring large sums of money into bank accounts that they controlled.

It used a highly organised structure with specialisms clearly delineated – including a number of technical experts who created phishing domains and conducted the frauds, recruiters and organisers of money mules, and money laundering and cryptocurrency experts.

The technical side of the operation was highly advanced, said the Policía Nacional, and encompassed phishing, smishing, vishing, SIM swapping, and business email compromise (BEC).

Commenting on the operation, DigitalXRAID chief operating officer Scott Goodwin said: “It is clear that criminal gangs are investing in more complicated and sophisticated technology-based attacks to further their exploits. However, it is certainly promising to see law enforcement investigating this type of cyber crime, as it will all too often lead to larger organised criminal activity.  

“Phishing attacks are typically first in line when it comes to hackers identifying a potential victim, and protection boils down to building awareness and prioritising training on how to respond. For enterprises looking to protect their workforce, they must also take responsibility by implementing anti-spoofing policies, domain protection and advanced email filtering.”

Goodwin added: “For individuals at risk of being defrauded, recognising a suspicious email is key. For instance, if it encourages an immediate response, it is important to read through multiple times, check the tone and find another means of communication with the sender rather than clicking the link or replying to the email. As criminal gangs continue to use phishing methods to target businesses and the general public, awareness and understanding of how they work has never been more essential.”

Beyond its cyber-enabled activities, the gang is also charged with a number of other offences, including social security fraud, and violent robberies and reprisals against people and businesses on Tenerife. In one instance, members kidnapped a woman and forced her to open online bank accounts on their behalf. They are also implicated in two homicides on the island.

Read more about cyber crime

  • New figures from the National Fraud Intelligence Bureau show a threefold spike in reported financial losses to fraud and cyber crime in the first six months of 2021.
  • Research shows that many people have been seeking cyber crime-related work on the dark web, but why?

Read more on Hackers and cybercrime prevention