Anti-Phishing, DMARC , ATM / POS Fraud , Email Threat Protection

Police Bust Suspected Fraudsters in Romania and Spain

Crime Ring Allegedly Sold Counterfeit Products and Services via Amazon, Airbnb
Police Bust Suspected Fraudsters in Romania and Spain
Spanish police conduct house searches last month as part of Operation Valcea-Cruces. (Photo: Spanish National Police)

Police in Europe have disrupted a crime ring, led from Romania, that's been accused of stealing more than €8 million ($9.4 million) from victims in Spain via online fraud, including phishing attacks and online scams. The group has also been accused of forgery and money laundering, including posing as suppliers to public sector organizations.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The criminal group has been dismantled following the arrest of 33 suspects, police say, including five suspects arrested by Romanian Police and 14 suspects arrested by Spanish National Police and Mossos d'Esquadra - the police force of Catalonia.

Authorities say the organized criminal group, active since 2016, came to the attention of police in early 2017, when law enforcement agencies in several countries began seeing fraud with similar patterns, which they ultimately tied to the group. The Spanish Central Investigating Court of the Audiencia Nacional, as well as the Romanian Directorate for Investigation of Organized Crime, Central Office and Terrorism, plus Romanian Police, were all investigating the same group.

The gang has been accused of opening nearly 700 bank accounts in Spain to launder the money it made, which was then withdrawn from ATMs or transferred to accounts located abroad - primarily in Germany, the Czech Republic, Romania, Hungary, Italy and Poland.

Operation Valcea-Cruces

Scenes from Operation Valcea-Cruces. (Source: Europol)

Operation Valcea-Cruces - the investigation into the crime ring - was supported and coordinated by the EU's law enforcement intelligence agency, Europol, and Eurojust, the EU agency that deals with judicial cooperation in European criminal matters.

Spanish police conduct house searches as part of Operation Valcea-Cruces. (Photo: Spanish National Police)

As part of the investigation, police in Romania last month conducted two house searches and police in Spain conducted five house searches, one of which included searching the Valencia residence of the suspected Spanish ringleader.

There, Spanish National Police say they found and dismantled "a sophisticated document forgery workshop" at which "multiple contracts, bank receipts and counterfeit identity letters were drawn up, which were given to the money mules as soon as they moved from Romania to Spain to open bank accounts to receive the stolen funds."

Targeted: Individuals, Hospitals, Local Government

The crime ring targeted public sector organizations by fraudulently claiming that they had yet to pay invoices that had been submitted, Europol says. "Once contact had been established, the organizations were told to transfer money to a new bank account - in reality opened by a money mule," according to Europol.

Spanish National Police say that these schemes targeted numerous public sector organizations, including hospitals and local government agencies.

The crime ring allegedly also targeted individuals via phishing attacks aimed at compromising online bank account credentials, as well as via online sales scams and rent scams.

"Its members opened numerous bank accounts in various [EU] member states using forged identity documents," Eurojust says. "Through those accounts, and via websites such as Amazon and Airbnb, the perpetrators defrauded an amount estimated at more than €8 million by deceiving them into buying counterfeit products or services, such as fake holiday packages."

Police say the group's rent scams, which were the most common, involved the gang copying legitimate real estate advertisements and creating fictitious locations. Whenever potential renters contacted the crime group, the group would respond and - "under the pretext of wanting to avoid problems and carry out transactions in a secure manner" - send them links to supposed housing rentals. "Once they reached an agreement, they provided the victims with an account number to transfer their monthly payment plus a deposit," police say.

Ring Composed of Cells

Police say that to make the crime ring's operations more difficult to disrupt, its ringleaders created separate, redundant cells - all directed from Romania - devoted to various tasks, including:

  • Computing, including phishing attacks and publishing advertisements for fake rental properties;
  • Counterfeiting, including falsifying documents needed to open bank accounts in Spain;
  • Logistics, including purchasing airline, bus and train tickets as well as hotel reservations for money mules;
  • Money laundering, to try and disguise the flow of illegal proceeds.

"For this reason, the operational coordination through Europol and Eurojust of the different, affected countries has been of vital importance in order to get rid of the organization as a whole," Spanish National Police say.

Social Engineering Attacks Continue

Despite these arrests, law enforcement agencies say social engineering remains a significant source of fraud in Europe.

"Social engineering-based fraud remains one of the most significant transnational crime threats to European Union citizens, as well as to private and public sector organizations," says Jari Liukku, head of Europol's European Serious Organized Crime Center. "Billions in criminal profit are made every year by international organized crime groups in what is considered to be the second biggest source of criminal proceeds after drug trafficking."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.