The cyberpolice of Ukraine has apprehended a group of phishing actors who stole payment card information from minimum 70,000 customers by tricking them into visiting phony mobile service top-up sites. According to the notification from law authorities, the actors exploited the stolen information to empty their victims’ bank accounts.
Five people have been charged with conducting a well-organized phishing operation that used marketing and advertising firms to boost prominence on search engines and social media platforms. It was possible because online platforms lack a robust screening procedure for their clients and sell items, allowing criminals to take advantage of the situation. Moreover, people are more likely to believe these adverts.
The phishing campaign was backed up by 40 fake websites, all of which were housed on the group’s servers, maintained by another member who served as the devoted admin. Finally, the group’s head arranged for three members to work as internal money mules in the money laundering scheme. The police predict a total cash loss of 5 million hryvnias ($175,000).
The five suspects’ homes were raided by law enforcement agents, who confiscated 2 million hryvnias ($70,000) in cash, mobile phones, bank cards, flash drives, and pcs. Part 2 of Art. 361 (Unauthorized interference with the functioning of computers, automated systems, computer networks, or telecommunications networks) and Part 3 of Art. 190 (Fraud) of the Criminal Code of Ukraine now applies to the arrested persons. These offenses have a maximum sentence of eight years in jail.
The arrests do not imply that consumers who submitted their credit card information on the phishing sites are suddenly secure since the threat actors may have shared it with other cyber-criminals. If you feel you’ve been a victim of phishing, contact your bank to have your card invalidated and a replacement issued.