According to police, the phishing ring defrauded some 146 victims, stealing at least 443,600 Euros from online bank accounts.
Victims were tricked into handing over their login credentials through the distribution of emails that pretended to come from legitimate banks, posing as security alerts.
Unsuspecting recipients who clicked on the link were not taken to the real banking website, but instead lookalike webpages under the control of the criminal gang.
Having gained access to bank accounts, the criminals would change the mobile phone settings on victims' accounts in order to receive any authentication codes sent via SMS.
Stolen funds were used to purchase goods, take out personal loans, and make transfers to a network of money mules, with funds often being moved via cash conversion services to the Ivory Coast.
The police investigation began following complaints in 2018 both from victims and a bank, after unauthorised purchases were made in electronics stores in France and elsewhere.
According to police, the gang used VPNs in an attempt to hide their location, making it appear that they were based in foreign countries including Morocco, France, the United States, and Germany.
The cross-border element of the criminal gang's operations would have made it more complicated and costly for the Spanish police to investigate, and might explain why they have investigated the group since January 2019.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.